The SpiderCatalog WordPress plugin up to and including 1.7.3 does not sanitise or escape the 'parent' and 'ordering' parameters from the admin dashboard before using them in a SQL statement, leading to a SQL injection when adding a category.
Vulnerable Product |
---|
web-dorado spidercatalog |
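
The pattern behind this flaw, as an added example (not SpiderCatalog's code, which is not shown on this page): a category insert that pastes `parent` and `ordering` into the SQL text, beside one that validates both as integers and binds them as parameters. The table layout, function names and the tainted sample value are constructed for illustration, and Python's `sqlite3` stands in for the WordPress database layer so the block runs offline.

```python
import sqlite3

# Constructed schema: the plugin's real table and column names are not on the page.
SCHEMA = "CREATE TABLE categories (name TEXT, parent INTEGER, ordering INTEGER)"

# Constructed sample of a non-numeric 'ordering' value that changes the
# statement's structure when it is concatenated into the SQL text.
TAINTED_ORDERING = "0), ('unexpected', 0, 0"


def new_db():
    db = sqlite3.connect(":memory:")
    db.execute(SCHEMA)
    return db


def add_category_unsafe(db, name, parent, ordering):
    """Vulnerable pattern: request values become part of the SQL text."""
    sql = ("INSERT INTO categories (name, parent, ordering) "
           f"VALUES ('{name}', {parent}, {ordering})")
    db.execute(sql)


def to_non_negative_int(value, field):
    """Accept only ASCII decimal digits; reject everything else."""
    text = str(value).strip()
    if not (text.isascii() and text.isdigit()):
        raise ValueError(f"{field} must be a non-negative integer")
    return int(text)


def add_category_safe(db, name, parent, ordering):
    """Hardened pattern: validate the numeric fields, then bind every value."""
    parent = to_non_negative_int(parent, "parent")
    ordering = to_non_negative_int(ordering, "ordering")
    db.execute(
        "INSERT INTO categories (name, parent, ordering) VALUES (?, ?, ?)",
        (name, parent, ordering),
    )


def rows(db):
    return db.execute(
        "SELECT name, parent, ordering FROM categories ORDER BY rowid"
    ).fetchall()
```

In a WordPress plugin the same two steps are an integer cast such as `absint()` followed by `$wpdb->prepare()` with `%d` placeholders.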