RSS   Vulnerabilities for 'Loaded7'   RSS

2020-01-03
 
CVE-2014-5140

CWE-89
 

 
The bindReplace function in the query factory in includes/classes/database.php in Loaded Commerce 7 does not properly handle : (colon) characters, which allows remote authenticated users to conduct SQL injection attacks via the First name and Last name fields in the address book.

 


Copyright 2024, cxsecurity.com

 

Back to Top