SQL injection vulnerability in Music Store - WordPress eCommerce versions prior to 1.1.14 allows a remote authenticated attacker with an administrative privilege to execute arbitrary SQL commands. Information stored in the database may be obtained or altered by the attacker.
References
Link | Resource |
---|---|
https://jvn.jp/en/jp/JVN79213252/ | Third Party Advisory |
https://plugins.trac.wordpress.org/changeset?new=3085975%40music-store%2Ftrunk%2Fmusic-store.php&old=3079647%40music-store%2Ftrunk%2Fmusic-store.php | Issue Tracking |
https://wordpress.org/plugins/music-store/ | Product |
Configurations
History
17 Jul 2024, 17:36
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.5 |
CWE | CWE-89 | |
First Time |
Codepeople
Codepeople music Store |
|
CPE | cpe:2.3:a:codepeople:music_store:*:*:*:*:*:wordpress:*:* | |
References | () https://jvn.jp/en/jp/JVN79213252/ - Third Party Advisory | |
References | () https://plugins.trac.wordpress.org/changeset?new=3085975%40music-store%2Ftrunk%2Fmusic-store.php&old=3079647%40music-store%2Ftrunk%2Fmusic-store.php - Issue Tracking | |
References | () https://wordpress.org/plugins/music-store/ - Product |
07 Jun 2024, 14:56
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
07 Jun 2024, 04:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-06-07 04:15
Updated : 2024-10-30 20:35
NVD link : CVE-2024-36082
Mitre link : CVE-2024-36082
CVE.ORG link : CVE-2024-36082
JSON object : View
Products Affected
codepeople
- music_store
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')