CVE-2024-36082
Music Store - WordPress eCommerce <= 1.1.13 - Authenticated (Admin+) SQL Injection
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
SQL injection vulnerability in Music Store - WordPress eCommerce versions prior to 1.1.14 allows a remote authenticated attacker with an administrative privilege to execute arbitrary SQL commands. Information stored in the database may be obtained or altered by the attacker.
Vulnerabilidad de inyección SQL en Music Store - WordPress eCommerce anteriores a la 1.1.14 permiten que un atacante remoto autenticado con privilegios administrativos ejecute comandos SQL arbitrarios. El atacante puede obtener o modificar la información almacenada en la base de datos.
The Music Store – WordPress eCommerce plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 1.1.13 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
CVSS Scores
SSVC
- Decision:Track
Timeline
- 2024-05-19 CVE Reserved
- 2024-06-07 CVE Published
- 2024-07-18 EPSS Updated
- 2024-10-30 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CAPEC
References (3)
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
CodePeople Search vendor "CodePeople" | Music Store - WordPress ECommerce Search vendor "CodePeople" for product "Music Store - WordPress ECommerce" | 1.1.14 Search vendor "CodePeople" for product "Music Store - WordPress ECommerce" and version "1.1.14" | en |
Affected
|