Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
wpvulndbJames HookerWPVDB-ID:43756C7D-A4BE-41D7-8AA0-48E04AD02F86
HistoryJan 01, 2015 - 4:42 p.m.

Cart66 Lite <= 1.5.3 - SQL Injection

2015-01-0116:42:34
James Hooker
wpscan.com
13

EPSS

0.001

Percentile

47.0%

JSON

The QSA named ‘q’ for the ‘promotionProductSearch’ AJAX call is not being sanitized, which allows for MySQL injection utilizing a UNION. The user must be logged in for this to be applicable. The output is JSON encoded, however is a pure representation of the data returned from a MySQL query.

Related

nvd 1
cvelist 1
patchstack 1
cve 1
prion 1
nvd
nvd
CVE-2014-9442
2015-01-02 19:59:11
cvelist
cvelist
CVE-2014-9442
2015-01-02 19:00:00
patchstack
patchstack
WordPress Cart66 Lite Plugin <= 1.5.3 - SQL Injection
2015-01-02 00:00:00
cve
cve
CVE-2014-9442
2015-01-02 19:59:11
prion
prion
Sql injection
2015-01-02 19:59:00

EPSS

0.001

Percentile

47.0%

JSON
Related for WPVDB-ID:43756C7D-A4BE-41D7-8AA0-48E04AD02F86
nvd1cvelist1patchstack1cve1prion1