Vulnerability Details CVE-2014-10034
Multiple SQL injection vulnerabilities in the admin area in couponPHP before 1.2.0 allow remote administrators to execute arbitrary SQL commands via the (1) iDisplayLength or (2) iDisplayStart parameter to (a) comments_paginate.php or (b) stores_paginate.php in admin/ajax/.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.019
EPSS Ranking 82.6%
CVSS Severity
CVSS v2 Score 6.5
References
- http://couponphp.com/changelog
- http://osvdb.org/show/osvdb/103895
- http://osvdb.org/show/osvdb/103896
- http://packetstormsecurity.com/files/125480
- http://www.exploit-db.com/exploits/32037
- http://www.zeroscience.mk/en/vulnerabilities/ZSL-2014-5170.php
- https://exchange.xforce.ibmcloud.com/vulnerabilities/91550
- http://couponphp.com/changelog
- http://osvdb.org/show/osvdb/103895
- http://osvdb.org/show/osvdb/103896
- http://packetstormsecurity.com/files/125480
- http://www.exploit-db.com/exploits/32037
- http://www.zeroscience.mk/en/vulnerabilities/ZSL-2014-5170.php
- https://exchange.xforce.ibmcloud.com/vulnerabilities/91550