Vulners
Lucene search
TornadoStore 1.4.3 SQL Injection Vulnerability
| Reporter | Title | Published | Views | Family All 9 |
|---|---|---|---|---|
 | CVE-2010-1327 | 29 Jun 201000:00 | – | circl |
 | CVE-2010-1327 | 6 Jul 201014:00 | – | cve |
 | CVE-2010-1327 | 6 Jul 201014:00 | – | cvelist |
 | EUVD-2010-1356 | 7 Oct 202500:30 | – | euvd |
 | CVE-2010-1327 | 6 Jul 201017:17 | – | nvd |
 | TornadoStore 1.4.3 SQL Injection | 30 Jun 201000:00 | – | packetstorm |
 | Sql injection | 6 Jul 201017:17 | – | prion |
 | Multiple SQL Injection in TornadoStore 1.4.3 | 29 Jun 201000:00 | – | securityvulns |
| Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl) | 29 Jun 201000:00 | – | securityvulns |
==============================================
TornadoStore 1.4.3 SQL Injection Vulnerability
==============================================
1. *Advisory Information*
Title: Multiple SQL Injection in TornadoStore 1.4.3
Advisory ID: BONSAI-2010-0106
Advisory URL:
http://www.bonsai-sec.com/research/vulnerabilities/tornadostore-multiple-sql-injection-0106.php
Date published: 2010-06-29
Vendors contacted: TornadoStore
Release mode: Coordinated release
2. *Vulnerability Information*
Class: SQL Injection
Remotely Exploitable: Yes
Locally Exploitable: Yes
CVE Name: CVE-2010-1327
3. *Software Description*
TornadoStoreтДв is an ecommerce platform. The objective is to solve integrally
the commercialization of products and services of companies using an online
payment system. [0].
4. *Vulnerability Description*
SQL injection is a code injection technique that exploits a security
vulnerability occurring in the database layer of an application. The
vulnerability is present when user input is either incorrectly filtered for
string literal escape characters embedded in SQL statements or user input
is not strongly typed and thereby unexpectedly executed.
For additional information, please look at the references [1], [2] and [3].
5. *Vulnerable packages*
Version <= 1.4.3
6. *Non-vulnerable packages*
TornadoStore developers informed us that all users should upgrade to the latest
version of TornadoStore, which fixes this vulnerability. More information to be
found here:
http://www.tornadostore.com/
7. *Credits*
This vulnerability was discovered by Lucas Apa ( lucas -at- bonsai-sec.com ).
8. *Technical Description*
8.1 A SQL injection vulnerability was found in the abm_list.php script, more
specifically in the 'where' variable. The vulnerability can be triggered by
logging into TornadoStore Control Panel and browsing to:
http://www.example.com/control/abm_list.php3?db=ts_143&tabla=delivery_courier&tabla_det=delivery_costo&order=&ordor=&tit=&transporte=&ira=&pagina=1&det_order=nDeCSer&det_ordor=asc&txtBuscar=&vars=&where='
8.2 A Blind SQL injection vulnerability was found in the precios.php script, more
specifically in the 'marca' variable. The vulnerability can be triggered by
browsing to:
http://www.example.com/precios.php3?marca=12'
9. *Report Timeline*
- 2010-02-02:
Vulnerabilities were identified.
- 2010-02-08:
Vendor confirmed these vulnerabilities.
- 2010-02-16:
Vendor contacted for an approximate fix release date. No specific answer given.
- 2010-06-24:
The vulnerability is still there.
- 2010-06-29:
The advisory BONSAI-2010-0106 is published.
# 0day.today [2018-04-02] #Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
29 Jun 2010 00:00Current
7.1High risk
Vulners AI Score7.1
EPSS0.00107