CVE-2024-36082

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-36082
SQL injection vulnerability in Music Store - WordPress eCommerce versions prior to 1.1.14 allows a remote authenticated attacker with an administrative privilege to execute arbitrary SQL commands. Information stored in the database may be obtained or altered by the attacker.

6.5 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.2 / Impact : 5.2

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://jvn.jp/en/jp/JVN79213252/ Third Party Advisory
https://plugins.trac.wordpress.org/changeset?new=3085975%40music-store%2Ftrunk%2Fmusic-store.php&old=3079647%40music-store%2Ftrunk%2Fmusic-store.php Issue Tracking
https://wordpress.org/plugins/music-store/ Product
https://jvn.jp/en/jp/JVN79213252/ Third Party Advisory
https://plugins.trac.wordpress.org/changeset?new=3085975%40music-store%2Ftrunk%2Fmusic-store.php&old=3079647%40music-store%2Ftrunk%2Fmusic-store.php Issue Tracking
https://wordpress.org/plugins/music-store/ Product
Configurations

Configuration 1 (hide)

cpe:2.3:a:codepeople:music_store:*:*:*:*:*:wordpress:*:*
History

21 Nov 2024, 09:21

Type Values Removed Values Added
References () https://jvn.jp/en/jp/JVN79213252/ - Third Party Advisory () https://jvn.jp/en/jp/JVN79213252/ - Third Party Advisory
References () https://plugins.trac.wordpress.org/changeset?new=3085975%40music-store%2Ftrunk%2Fmusic-store.php&old=3079647%40music-store%2Ftrunk%2Fmusic-store.php - Issue Tracking () https://plugins.trac.wordpress.org/changeset?new=3085975%40music-store%2Ftrunk%2Fmusic-store.php&old=3079647%40music-store%2Ftrunk%2Fmusic-store.php - Issue Tracking
References () https://wordpress.org/plugins/music-store/ - Product () https://wordpress.org/plugins/music-store/ - Product

17 Jul 2024, 17:36

Type Values Removed Values Added
References () https://jvn.jp/en/jp/JVN79213252/ - () https://jvn.jp/en/jp/JVN79213252/ - Third Party Advisory
References () https://plugins.trac.wordpress.org/changeset?new=3085975%40music-store%2Ftrunk%2Fmusic-store.php&old=3079647%40music-store%2Ftrunk%2Fmusic-store.php - () https://plugins.trac.wordpress.org/changeset?new=3085975%40music-store%2Ftrunk%2Fmusic-store.php&old=3079647%40music-store%2Ftrunk%2Fmusic-store.php - Issue Tracking
References () https://wordpress.org/plugins/music-store/ - () https://wordpress.org/plugins/music-store/ - Product
First Time Codepeople
Codepeople music Store
CPE cpe:2.3:a:codepeople:music_store:*:*:*:*:*:wordpress:*:*
CWE CWE-89
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 6.5

07 Jun 2024, 14:56

Type Values Removed Values Added
Summary
  • (es) Vulnerabilidad de inyección SQL en Music Store - WordPress eCommerce anteriores a la 1.1.14 permiten que un atacante remoto autenticado con privilegios administrativos ejecute comandos SQL arbitrarios. El atacante puede obtener o modificar la información almacenada en la base de datos.

07 Jun 2024, 04:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-06-07 04:15

Updated : 2024-11-21 09:21

NVD link : CVE-2024-36082

Mitre link : CVE-2024-36082

CVE.ORG link : CVE-2024-36082

JSON object : View

Products Affected

codepeople

  • music_store
CWE
CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')


NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024