Multiple SQL injection vulnerabilities in UAEPD Shopping Cart Script allow remote attackers to execute arbitrary SQL commands via the (1) cat_id or (2) p_id parameter to products.php or id parameter to (3) page.php or (4) news.php.
References
Configurations
History
14 Feb 2024, 01:17
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) http://www.iphobos.com/blog/2014/01/04/uaepd-script-multiple-sql-injection-vulnerabilty - Exploit, URL Repurposed |
Information
Published : 2014-01-21 15:17
Updated : 2024-02-28 12:20
NVD link : CVE-2014-1618
Mitre link : CVE-2014-1618
CVE.ORG link : CVE-2014-1618
JSON object : View
Products Affected
uaepd
- shopping_cart_script
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')