Multiple SQL Injection vulnerabilities are in admin.php in this plugin. These vulnerabilities allow an authenticated user to execute arbitrary SQL commands via the 1. search[column] or 2. switch parameter.
Update the plugin.
CPE | Name | Operator | Version |
---|---|---|---|
welcart e-commerce | le | 1.5.2 |