Description

WordPress Plugin Shopping Cart is prone to multiple SQL injection vulnerabilities and an arbitrary file upload vulnerability because it fails to sanitize user-supplied data. Exploiting these issues could allow an attacker to compromise the application, execute arbitrary code, access or modify data, or exploit latent vulnerabilities in the underlying database. WordPress Plugin Shopping Cart version 8.1.14 is vulnerable; prior versions may also be affected.

Remediation

Update to plugin version 8.1.15 or latest

References

http://www.securityfocus.com/bid/57101/exploit

http://www.opensyscom.fr/Actualites/wordpress-plugins-wordpress-shopping-cart-multiple-vulnerability.html

http://packetstormsecurity.com/files/119217/WordPress-Shopping-Cart-8.1.14-Shell-Upload-SQL-Injection.html

http://secunia.com/advisories/51690/

Related Vulnerabilities

Jenkins Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2012-4441)

Apache 2.x version older than 2.2.3

PHP Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2016-7134)

WordPress Plugin User Rights Access Manager Security Bypass (1.0.3)

WordPress Plugin WordPress Email Marketing-WP Email Capture Multiple Vulnerabilities (3.9.3)

Severity

High

Classification

CWE-89 CWE-434 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Tags

Missing Update SQL Injection Unauthenticated File Upload