The Etoile Ultimate Product Catalog plugin 4.2.11 for WordPress has SQL injection with these wp-admin/admin-ajax.php POST actions: catalogue_update_order list-item, video_update_order video-item, image_update_order list-item, tag_group_update_order list_item, category_products_update_order category-product-item, custom_fields_update_order field-item, categories_update_order category-item, subcategories_update_order subcategory-item, and tags_update_order tag-list-item.
References
Link | Resource |
---|---|
https://github.com/kevins1022/cve/blob/master/wordpress-product-catalog.md | Exploit Third Party Advisory |
Configurations
Configuration 1 (hide)
|
History
No history.
Information
Published : 2017-08-02 05:29
Updated : 2024-02-28 16:04
NVD link : CVE-2017-12199
Mitre link : CVE-2017-12199
CVE.ORG link : CVE-2017-12199
JSON object : View
Products Affected
etoilewebdesign
- ultimate_product_catalog
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')