Sql injection

2007-05-3123:30:00

PRIOn knowledge base

www.prio-n.com

8.8 High

AI Score

Confidence

Low

0.006 Low

EPSS

Percentile

79.5%

JSON

SQL injection vulnerability in manufacturer.php in cpCommerce before 1.1.0 allows remote attackers to execute arbitrary SQL commands via the id_manufacturer parameter.

CPENameOperatorVersion
cpcommerceeq1.0.6
cpcommerceeq1.0.7
cpcommerceeq1.0.8
cpcommerceeq1.0.7.1
cpcommerceeq1.0.7.3
cpcommerceeq1.0.9
cpcommerceeq1.0.7.2
cpcommerceeq1.0.5.1
cpcommerceeq1.0.997
cpcommerceeq1.0.7.4

Name	Operator	Version
cpcommerce	eq	1.0.6
cpcommerce	eq	1.0.7
cpcommerce	eq	1.0.8
cpcommerce	eq	1.0.7.1
cpcommerce	eq	1.0.7.3
cpcommerce	eq	1.0.9
cpcommerce	eq	1.0.7.2
cpcommerce	eq	1.0.5.1
cpcommerce	eq	1.0.997
cpcommerce	eq	1.0.7.4

References

osvdb.org/38042

securityreason.com/securityalert/2747

www.securityfocus.com/archive/1/469910/100/0/threaded

www.securityfocus.com/bid/24223

exchange.xforce.ibmcloud.com/vulnerabilities/34573