CVE-2014-10034

Sažetak

Multiple SQL injection vulnerabilities in the admin area in couponPHP before 1.2.0 allow remote administrators to execute arbitrary SQL commands via the (1) iDisplayLength or (2) iDisplayStart parameter to (a) comments_paginate.php or (b) stores_paginate.php in admin/ajax/.

Reference

http://couponphp.com/changelog
http://osvdb.org/show/osvdb/103895
http://osvdb.org/show/osvdb/103896
http://packetstormsecurity.com/files/125480
http://www.exploit-db.com/exploits/32037
http://www.zeroscience.mk/en/vulnerabilities/ZSL-2014-5170.php
https://exchange.xforce.ibmcloud.com/vulnerabilities/91550

CVSS

Base:	6.5
Impact:	6.4
Exploitability:	8.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:L/Au:S/C:P/I:P/A:P

Zadnje važnije ažuriranje

08-09-2017 - 01:29

Objavljeno

13-01-2015 - 15:59