Description
AbanteCart 1.2.8 allows SQL Injection via the source_language parameter to admin/controller/pages/localisation/language.php and core/lib/language_manager.php, or via POST data to admin/controller/pages/tool/backup.php and admin/model/tool/backup.php.
Remediation
References
Related Vulnerabilities
Play Framework Uncontrolled Recursion Vulnerability (CVE-2020-26882)
WordPress Plugin Role Scoper Cross-Site Scripting (1.3.66)
MySQL Other Vulnerability (CVE-2005-1636)
WordPress Plugin Aspose Importer & Exporter Arbitrary File Download (2.0)
WordPress Plugin AB Google Map Travel (AB-MAP) Multiple Vulnerabilities (3.4)