CVE-2014-1618
Published 2014-01-21
Priority P349 · high · 7.5 CVSS 2.0
AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 3.32% (87.1th percentile)
Multiple SQL injection vulnerabilities in UAEPD Shopping Cart Script allow remote attackers to execute arbitrary SQL commands via the (1) cat_id or (2) p_id parameter to products.php or id parameter to (3) page.php or (4) news.php.
No detection rules found.
Exploit-DB
UAEPD Shopping Script - 'products.php' Multiple SQL Injections
exploitdb·2014-01-08
---
source: https://www.securityfocus.com/bid/64734/info
UAEPD Shopping Cart Script is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied input before using it in an SQL query.
An attacker can exploit these issues by manipulating the SQL query logic to carry out unauthorized actions on the underlying database.
http://www.example.com/products.php?cat_id=4
Exploit-DB
UAEPD Shopping Script - 'news.php?id' SQL Injection
exploitdb·2014-01-08
---
source: https://www.securityfocus.com/bid/64734/info
UAEPD Shopping Cart Script is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied input before using it in an SQL query.
An attacker can exploit these issues by manipulating the SQL query logic to carry out unauthorized actions on the underlying database.
http://www.example.com/news.php?id=1
No writeups or analysis indexed.
http://osvdb.org/101859
http://osvdb.org/101899
http://osvdb.org/101900
http://packetstormsecurity.com/files/124723/uaepdshopping-sql.txt
http://secunia.com/advisories/56351
http://www.iphobos.com/blog/2014/01/04/uaepd-script-multiple-sql-injection-vulnerabilty
http://www.securityfocus.com/bid/64734
https://exchange.xforce.ibmcloud.com/vulnerabilities/90214
Published: 2014-01-21