Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2015-2562

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2015-2562
Last Modified 23 Mar 2015 09:29:51
Published 20 Mar 2015 10:59:04
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2015-2562

Summary

Multiple SQL injection vulnerabilities in the Web-Dorado ECommerce WD (com_ecommercewd) component 1.2.5 for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) search_category_id, (2) sort_order, or (3) filter_manufacturer_ids in a displayproducts action to index.php.

Vulnerable Systems

Application

  • Web-dorado Ecommerce Wd 1.2.5


References

FULLDISC - 20150319 Web-Dorado ECommerce-WD for Joomla plugin multiple unauthenticated SQL injections

MISC - http://packetstormsecurity.com/files/130896/Joomla-ECommerce-WD-1.2.5-SQL-Injection.html


Last Updated: 27 May 2016 11:08:10