CVE-2024-36082 – Music Store - WordPress eCommerce <= 1.1.13 - Authenticated (Admin+) SQL Injection
https://notcve.org/view.php?id=CVE-2024-36082
SQL injection vulnerability in Music Store - WordPress eCommerce versions prior to 1.1.14 allows a remote authenticated attacker with administrative privileges to execute arbitrary SQL commands. Information stored in the database may be obtained or altered by the attacker.

The Music Store – WordPress eCommerce plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 1.1.13 due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the existing SQL query.

• https://jvn.jp/en/jp/JVN79213252
• https://plugins.trac.wordpress.org/changeset?new=3085975%40music-store%2Ftrunk%2Fmusic-store.php&old=3079647%40music-store%2Ftrunk%2Fmusic-store.php
• https://wordpress.org/plugins/music-store
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')