4 matches found
CVE-2014-5140
CVE-2014-5140 affects Loaded Commerce 7. The vulnerability is in the bindReplace function of the query factory (includes/classes/database.php), which does not properly handle colon characters. This enables SQL injection via the First name and Last name fields in the address book when used by remo...
LoadedCommerce7 - Systemic Query Factory Vulnerability
No description provided by source. Title: LoadedCommerce7 Systemic Query Factory Vulnerability Advisory: http://breaking.technology/advisories/CVE-2014-5140.txt Credits: Discovered by Breaking Technology Research Labs 2014-06-30 Reference: CVE-2014-5140 - Assigned 31 June 2014 Timeline: Vendor...
LoadedCommerce7 - Systemic Query Factory Vulnerability
Loaded Commerce 7 shopping cart/online store suffers from a systemic vulnerability in its query factory, allowing attackers to circumvent user input sanitizing to perform remote SQL injection. Title: LoadedCommerce7 Systemic Query Factory Vulnerability Advisory:...
LoadedCommerce7 - Systemic Query Factory
Title: LoadedCommerce7 Systemic Query Factory Vulnerability Advisory: http://breaking.technology/advisories/CVE-2014-5140.txt Credits: Discovered by Breaking Technology Research Labs 2014-06-30 Reference: CVE-2014-5140 - Assigned 31 June 2014 Timeline: Vendor notified - 29 July 2014 Vendor...