Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 6.5
CVE Id: CVE-2014-10033
Last Modified: 14 Jan 2015 04:50:15
Published: 13 Jan 2015 10:59:42
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE_INSTANCE

CVE-2014-10033

Summary

SQL injection vulnerability in the update_zone function in catalog/admin/geo_zones.php in osCommerce Online Merchant 2.3.3.4 and earlier allows remote administrators to execute arbitrary SQL commands via the zID parameter in a list action.

Vulnerable Systems

Application

  • osCommerce Online Merchant 2.3.3.4


References

CONFIRM - https://github.com/gburton/oscommerce2/commit/e4d90eccd7d9072ebe78da4c38fb048bfe31c902

XF - oscommerce-geozones-sql-injection(91113)

MISC - http://www.secgeek.net/oscommerce-v2x-sql-injection-vulnerability/

EXPLOIT-DB - 31515

OSVDB - 103365


Last Updated: 27 May 2016 11:07:32