CVE-2024-36082

SQL injection vulnerability in Music Store - WordPress eCommerce versions prior to 1.1.14 allows a remote authenticated attacker with an administrative privilege to execute arbitrary SQL commands. Information stored in the database may be obtained or altered by the attacker.
Configurations

Configuration 1 (hide)

cpe:2.3:a:codepeople:music_store:*:*:*:*:*:wordpress:*:*

History

17 Jul 2024, 17:36

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 6.5
CWE CWE-89
First Time Codepeople
Codepeople music Store
CPE cpe:2.3:a:codepeople:music_store:*:*:*:*:*:wordpress:*:*
References () https://jvn.jp/en/jp/JVN79213252/ - () https://jvn.jp/en/jp/JVN79213252/ - Third Party Advisory
References () https://plugins.trac.wordpress.org/changeset?new=3085975%40music-store%2Ftrunk%2Fmusic-store.php&old=3079647%40music-store%2Ftrunk%2Fmusic-store.php - () https://plugins.trac.wordpress.org/changeset?new=3085975%40music-store%2Ftrunk%2Fmusic-store.php&old=3079647%40music-store%2Ftrunk%2Fmusic-store.php - Issue Tracking
References () https://wordpress.org/plugins/music-store/ - () https://wordpress.org/plugins/music-store/ - Product

07 Jun 2024, 14:56

Type Values Removed Values Added
Summary
  • (es) Vulnerabilidad de inyección SQL en Music Store - WordPress eCommerce anteriores a la 1.1.14 permiten que un atacante remoto autenticado con privilegios administrativos ejecute comandos SQL arbitrarios. El atacante puede obtener o modificar la información almacenada en la base de datos.

07 Jun 2024, 04:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-06-07 04:15

Updated : 2024-10-30 20:35


NVD link : CVE-2024-36082

Mitre link : CVE-2024-36082

CVE.ORG link : CVE-2024-36082


JSON object : View

Products Affected

codepeople

  • music_store
CWE
CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')