CVSS: 7.5EPSS: 3%CPEs: 1EXPL: 3CVE-2015-2562 – Joomla! Component ECommerce-WD 1.2.5 - SQL Injection
https://notcve.org/view.php?id=CVE-2015-2562
Multiple SQL injection vulnerabilities in the Web-Dorado ECommerce WD (com_ecommercewd) component 1.2.5 for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) search_category_id, (2) sort_order, or (3) filter_manufacturer_ids in a displayproducts action to index.php. Múltiples vulnerabilidades de inyección SQL en el componente Web-Dorado ECommerce WD (com_ecommercewd) 1.2.5 de Joomla! permite a atacantes remotos ejecutar comandos SQL arbitrarios a través de (1) search_category_id, (2) sort_order, o (3) filter_manufacturer_ids ien una acción displayproducts a index.php. • https://www.exploit-db.com/exploits/36439 http://packetstormsecurity.com/files/130896/Joomla-ECommerce-WD-1.2.5-SQL-Injection.html http://seclists.org/fulldisclosure/2015/Mar/123 http://www.securityfocus.com/bid/73285 - • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •