3 matches found
CVE-2014-9442
SQL injection vulnerability in models/Cart66Ajax.php in the Cart66 Lite plugin before 1.5.4 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the q parameter in a promotionProductSearch action to wp-admin/admin-ajax.php...
CVE-2014-9442
SQL injection vulnerability in models/Cart66Ajax.php in the Cart66 Lite plugin before 1.5.4 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the q parameter in a promotionProductSearch action to wp-admin/admin-ajax.php...
CVE-2014-9442
Cart66 Lite plugin for WordPress (before 1.5.4) is affected by an SQL injection in the Cart66Ajax.php handling for promotionProductSearch in wp-admin/admin-ajax.php. The vulnerability allows an authenticated remote user to execute arbitrary SQL commands via the q parameter. Impact per the sources...