Multiple SQL injection vulnerabilities in eshop-orders.php in the eShop plugin 6.3.14 for WordPress allow (1) remote administrators to execute arbitrary SQL commands via the delid parameter or remote authenticated users to execute arbitrary SQL commands via the (2) view, (3) mark, or (4) change parameter.
References
Link | Resource |
---|---|
http://www.openwall.com/lists/oss-security/2016/02/02/3 | Exploit Third Party Advisory |
http://www.securityfocus.com/bid/82347 | Third Party Advisory VDB Entry |
http://www.vapid.dhs.org/advisory.php?v=160 | Exploit Third Party Advisory |
Configurations
History
No history.
Information
Published : 2017-01-23 21:59
Updated : 2024-02-28 15:44
NVD link : CVE-2016-0769
Mitre link : CVE-2016-0769
CVE.ORG link : CVE-2016-0769
JSON object : View
Products Affected
elfden
- eshop_plugin
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')