Описание
SQL injection vulnerability in confirm.php in the mPAY24 payment module before 1.6 for PrestaShop allows remote attackers to execute arbitrary SQL commands via the TID parameter.
SQL injection vulnerability in confirm.php in the mPAY24 payment module before 1.6 for PrestaShop allows remote attackers to execute arbitrary SQL commands via the TID parameter.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2014-2008
- https://exchange.xforce.ibmcloud.com/vulnerabilities/95720
- http://osvdb.org/show/osvdb/110737
- http://packetstormsecurity.com/files/128136/Mpay24-Payment-Module-1.5-Information-Disclosure-SQL-Injection.html
- http://seclists.org/fulldisclosure/2014/Sep/23
- http://www.exploit-db.com/exploits/34586
- http://www.securityfocus.com/bid/69560
Связанные уязвимости
nvd
больше 11 лет назад
SQL injection vulnerability in confirm.php in the mPAY24 payment module before 1.6 for PrestaShop allows remote attackers to execute arbitrary SQL commands via the TID parameter.