CVE-2015-2562
published 2015-03-20CVE-2015-2562: Multiple SQL injection vulnerabilities in the Web-Dorado ECommerce WD (com_ecommercewd) component 1.2.5 for Joomla! allow remote attackers to execute arbitrary…
PriorityP266high7.5CVSS 2.0
AVNACLAuNCPIPAP
EXPLOIT
EPSS
38.95%
98.4th percentile
Multiple SQL injection vulnerabilities in the Web-Dorado ECommerce WD (com_ecommercewd) component 1.2.5 for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) search_category_id, (2) sort_order, or (3) filter_manufacturer_ids in a displayproducts action to index.php.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| web-dorado | ecommerce_wd | — | — |
Detection & IOCsextracted from sources · hover to see the quote
commandsearch_category_id=1) UNION ALL SELECT CONCAT(0x71786a6b71,0x704f43796c4773545349,0x71706a6a71)--↗
commandsort_order=asc,(SELECT (CASE WHEN (6064=6064) THEN SLEEP(5) ELSE 6064*(SELECT 6064 FROM INFORMATION_SCHEMA.CHARACTER_SETS) END))↗
bytes↗
0x71786a6b71
- →Monitor POST requests to /index.php with query parameters option=com_ecommercewd, controller=products, and task=displayproducts. Inspect POST body for SQL injection patterns in search_category_id, sort_order, and filter_manufacturer_ids parameters. ↗
- →Detect UNION-based SQLi by alerting on UNION ALL SELECT CONCAT with hex-encoded boundary markers (0x71786a6b71, 0x71706a6a71) in POST body to com_ecommercewd endpoints. ↗
- →A Metasploit auxiliary scanner module exists for this vulnerability; scan logs for automated exploitation attempts against the displayproducts action. ↗
- ·The vulnerability is unauthenticated — no session or login is required to exploit it, meaning perimeter authentication controls alone are insufficient. ↗
- ·Version 1.2.5 is confirmed vulnerable; prior versions are also likely affected per the Metasploit module description. ↗
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
Joomla! Component ECommerce-WD 1.2.5 - SQL Injection
exploitdb·2015-03-19
CVE-2015-2562 Joomla! Component ECommerce-WD 1.2.5 - SQL Injection
Joomla! Component ECommerce-WD 1.2.5 - SQL Injection
---
Version 1.2.5 of the ECommerce-WD plugin for Joomla! has multiple
unauthenticated SQL injections available via the advanced search
functionality.
http://extensions.joomla.org/extension/ecommerce-wd
The vulnerable parameters are search_category_id, sort_order, and
filter_manufacturer_ids within the following request:
POST
/index.php?option=com_ecommercewd&controller=products&task=displayproducts
HTTP/1.1
Host: 172.31.16.49
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:30.0) Gecko/20100101
Firefox/30.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer:
http://172.31.16.49/index.php?option=com_ecommercewd&view=products&layout=displ
Metasploit
Web-Dorado ECommerce WD for Joomla! search_category_id SQL Injection Scanner
metasploit
Web-Dorado ECommerce WD for Joomla! search_category_id SQL Injection Scanner
Web-Dorado ECommerce WD for Joomla! search_category_id SQL Injection Scanner
This module will scan for hosts vulnerable to an unauthenticated SQL injection within the advanced search feature of the Web-Dorado ECommerce WD 1.2.5 and likely prior.
No writeups or analysis indexed.
http://packetstormsecurity.com/files/130896/Joomla-ECommerce-WD-1.2.5-SQL-Injection.htmlhttp://seclists.org/fulldisclosure/2015/Mar/123http://www.securityfocus.com/bid/73285https://www.exploit-db.com/exploits/36439/http://packetstormsecurity.com/files/130896/Joomla-ECommerce-WD-1.2.5-SQL-Injection.htmlhttp://seclists.org/fulldisclosure/2015/Mar/123http://www.securityfocus.com/bid/73285https://www.exploit-db.com/exploits/36439/
2015-03-20
Published