CVE-2014-5140
CVE-2014-5140
The bindReplace function in the query factory in includes/classes/database.php in Loaded Commerce 7 does not properly handle : (colon) characters, which allows remote authenticated users to conduct SQL injection attacks via the First name and Last name fields in the address book.
Productos afectados
n/a · n/aPoCs públicas encontradas — 3
cve_referencepacketstormsecurity.com/files/128183/Loaded-Commerce-7-Shopping-Cart-SQL-Injection.htmlno verificadocve_referencewww.exploit-db.com/exploits/34552no verificadoexploitdbwww.exploit-db.com/exploits/34552no verificado⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.
¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →Referencias
http://packetstormsecurity.com/files/128183/Loaded-Commerce-7-Shopping-Cart-SQL-Injection.htmlhttp://resources.infosecinstitute.com/exploiting-systemic-query-vulnerabilities-attempt-re-invent-pdo/https://exchange.xforce.ibmcloud.com/vulnerabilities/95791https://github.com/loadedcommerce/loaded7/pull/520http://www.exploit-db.com/exploits/34552