Cart66 Lite <= 1.5.3 - SQL Injection
Description
The query-string argument (QSA) named ‘q’ of the ‘promotionProductSearch’ AJAX call is not sanitized, which allows MySQL injection via a UNION. The user must be logged in for this to be exploitable. The output is JSON encoded, but it is a direct representation of the rows returned by the MySQL query, so the injected query's results are visible to the caller.
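To make the root cause and the fix concrete, the following is an added illustration written for this entry; it is not Cart66's own code. It shows a hypothetical WordPress AJAX handler for the ‘promotionProductSearch’ action in the vulnerable shape the description implies (the ‘q’ argument concatenated into SQL) next to a hardened version that binds the value with `$wpdb->prepare()`, escapes LIKE wildcards, and checks capability and nonce before querying. The function names, the `cart66_products` table and the `manage_options` capability are assumptions.

```php
<?php
// Added example, not the plugin's code. Table name, function names and the
// capability checked are assumptions made for illustration.

// Vulnerable pattern: the 'q' query-string argument is spliced into the SQL
// string. wp_send_json() only wraps whatever rows the query returned, so
// JSON encoding does nothing to contain an injected query.
function cart66_promotion_product_search_vulnerable() {
    global $wpdb;
    $q   = $_GET['q'];
    $sql = "SELECT id, name, price FROM {$wpdb->prefix}cart66_products "
         . "WHERE name LIKE '%" . $q . "%'";
    wp_send_json( $wpdb->get_results( $sql ) );
}

// Hardened pattern:
//  1. authorisation: only users with the relevant capability may search
//  2. CSRF protection: the AJAX request must carry a valid nonce
//  3. the value is sanitised, LIKE wildcards are escaped, and the whole
//     pattern is passed as a bound %s placeholder, never concatenated
function cart66_promotion_product_search_fixed() {
    global $wpdb;

    if ( ! current_user_can( 'manage_options' ) ) {      // capability is an assumption
        wp_send_json_error( 'forbidden', 403 );
    }
    check_ajax_referer( 'cart66_promotion_search', 'nonce' ); // nonce action name is an assumption

    $q    = isset( $_GET['q'] ) ? sanitize_text_field( wp_unslash( $_GET['q'] ) ) : '';
    $like = '%' . $wpdb->esc_like( $q ) . '%';

    $sql = $wpdb->prepare(
        "SELECT id, name, price FROM {$wpdb->prefix}cart66_products WHERE name LIKE %s LIMIT 50",
        $like
    );
    wp_send_json_success( $wpdb->get_results( $sql ) );
}

// Route the logged-in AJAX action to the hardened handler.
add_action( 'wp_ajax_promotionProductSearch', 'cart66_promotion_product_search_fixed' );
```

The decisive change is that `$wpdb->prepare()` turns the search term into a bound string literal, so a quote or `UNION` in ‘q’ can no longer alter the statement; the capability and nonce checks reduce who can reach the query at all, which matters because the original issue was reachable by any logged-in user.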

Affects Plugin

Fixed in version 1.5.4
- Plugin closed

References

CVE 2014-9442
URL https://research.g0blin.co.uk/cve-2014-9442/

Classification

Type SQLI
OWASP Top 10 A1: Injection
CWE CWE-89

Miscellaneous

Submitter James Hooker
Submitter Website https://research.g0blin.co.uk
Submitter Twitter g0blinResearch
Views 4624
Verified No
WPVDB ID 7737

Timeline

Publicly Published 2015-01-01 (over 5 years ago)
Added 2015-01-01 (over 5 years ago)
Last Updated 2019-10-21 (9 months ago)
