Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 6.5
CVE Id CVE-2014-10034
Last Modified 14 Jan 2015 04:50:06
Published 13 Jan 2015 10:59:43
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication SINGLE_INSTANCE

CVE-2014-10034

Summary

Multiple SQL injection vulnerabilities in the admin area in couponPHP before 1.2.0 allow remote administrators to execute arbitrary SQL commands via the (1) iDisplayLength or (2) iDisplayStart parameter to (a) comments_paginate.php or (b) stores_paginate.php in admin/ajax/.

Vulnerable Systems

Application

  • Couponphp 1.1.0


References

XF - couponphp-commentspaginate-sql-injection(91550)

MISC - http://www.zeroscience.mk/en/vulnerabilities/ZSL-2014-5170.php

EXPLOIT-DB - 32037

MISC - http://packetstormsecurity.com/files/125480

OSVDB - 103896

OSVDB - 103895

CONFIRM - http://couponphp.com/changelog


Last Updated: 27 May 2016 11:07:32