2 matches found
CVE-2015-9226
Multiple SQL injection vulnerabilities in AlegroCart 1.2.8 allow remote administrators to execute arbitrary SQL commands via the download parameter in the 1 checkdownload and possibly 2 checkfilename function in upload/admin2/model/products/modeladmindownload.php or remote authenticated users wit...
CVE-2015-9226
AlegroCart 1.2.8 is affected by multiple SQL injection vulnerabilities. Remote administrators can execute arbitrary SQL via the download parameter (check_download and possibly check_filename in upload/admin2/model/products/model_admin_download.php) or via the ref parameter in the orderUpdate func...