← back
CVE-2014-5104

CVE-2014-5104

EPSS 2.1%
Multiple SQL injection vulnerabilities in ol-commerce 2.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) a_country parameter in a process action to affiliate_signup.php, (2) affiliate_banner_id parameter to affiliate_show_banner.php, (3) country parameter in a process action to create_account.php, or (4) entry_country_id parameter in an edit action to admin/create_account.php.
Affected products
n/a · n/a
public PoCs found5
cve_referencepacketstormsecurity.com/files/127521/OL-Commerce-2.1.1-Cross-Site-Scripting-SQL-Injection.htmlunverifiedexploitdbwww.exploit-db.com/exploits/39346unverifiedexploitdbwww.exploit-db.com/exploits/39344unverifiedexploitdbwww.exploit-db.com/exploits/39343unverifiedexploitdbwww.exploit-db.com/exploits/39345unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://packetstormsecurity.com/files/127521/OL-Commerce-2.1.1-Cross-Site-Scripting-SQL-Injection.htmlhttp://www.securityfocus.com/bid/68719