CVE-2017-12199

The Etoile Ultimate Product Catalog plugin 4.2.11 for WordPress has SQL injection with these wp-admin/admin-ajax.php POST actions: catalogue_update_order list-item, video_update_order video-item, image_update_order list-item, tag_group_update_order list_item, category_products_update_order category-product-item, custom_fields_update_order field-item, categories_update_order category-item, subcategories_update_order subcategory-item, and tags_update_order tag-list-item.
References
Configurations

Configuration 1 (hide)

cpe:2.3:a:etoilewebdesign:ultimate_product_catalog:4.2.11:*:*:*:*:wordpress:*:*

History

No history.

Information

Published : 2017-08-02 05:29

Updated : 2024-02-28 16:04


NVD link : CVE-2017-12199

Mitre link : CVE-2017-12199

CVE.ORG link : CVE-2017-12199


JSON object : View

Products Affected

etoilewebdesign

  • ultimate_product_catalog
CWE
CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')