CVE-2015-1476

2022-10-0316:15:50

mitre

www.cve.org

sql injection

xlinkerz ecommercemajor

remote attackers

arbitrary sql commands

8.7 High

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

65.7%

JSON

Multiple SQL injection vulnerabilities in xlinkerz ecommerceMajor allow remote attackers to execute arbitrary SQL commands via the (1) productbycat parameter to product.php, or (2) username or (3) password parameter to __admin/index.php.

References

osvdb.org/show/osvdb/117569

osvdb.org/show/osvdb/117570

packetstormsecurity.com/files/130073/ecommerceMajor-SQL-Injection.html

www.exploit-db.com/exploits/35878