Description

WordPress Plugin Shopping Cart is prone to multiple SQL injection vulnerabilities and an arbitrary file upload vulnerability because it fails to sanitize user-supplied data. Exploiting these issues could allow an attacker to compromise the application, execute arbitrary code, access or modify data, or exploit latent vulnerabilities in the underlying database. WordPress Plugin Shopping Cart version 8.1.14 is vulnerable; prior versions may also be affected.

Remediation

Update to plugin version 8.1.15 or latest

References

http://www.securityfocus.com/bid/57101/exploit

http://www.opensyscom.fr/Actualites/wordpress-plugins-wordpress-shopping-cart-multiple-vulnerability.html

http://packetstormsecurity.com/files/119217/WordPress-Shopping-Cart-8.1.14-Shell-Upload-SQL-Injection.html

http://secunia.com/advisories/51690/

Related Vulnerabilities

Squid Resource Management Errors Vulnerability (CVE-2011-4096)

WordPress Plugin Connections Business Directory Unspecified Vulnerability (10.4.7)

Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2011-4295)

WordPress Plugin Last.fm Rotation Local File Inclusion (1.0)

WordPress Plugin Shopping Cart & eCommerce Store Multiple Security Bypass Vulnerabilities (3.0.20)

Severity

High

Classification

CWE-89 CWE-434 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Tags

Missing Update SQL Injection Unauthenticated File Upload