CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2015-2562

Multiple SQL injection vulnerabilities in the Web-Dorado ECommerce WD (com_ecommercewd) component 1.2.5 for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) search_category_id, (2) sort_order, or (3) filter_manufacturer_ids in a displayproducts action to index.php.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.415

EPSS Ranking 97.2%

CVSS Severity

CVSS v2 Score 7.5

References

http://packetstormsecurity.com/files/130896/Joomla-ECommerce-WD-1.2.5-SQL-Injection.html
http://seclists.org/fulldisclosure/2015/Mar/123
http://www.securityfocus.com/bid/73285
https://www.exploit-db.com/exploits/36439/
http://packetstormsecurity.com/files/130896/Joomla-ECommerce-WD-1.2.5-SQL-Injection.html
http://seclists.org/fulldisclosure/2015/Mar/123
http://www.securityfocus.com/bid/73285
https://www.exploit-db.com/exploits/36439/

Products affected by CVE-2015-2562

Web-Dorado » Ecommerce Wd » Version: 1.2.5

cpe:2.3:a:web-dorado:ecommerce_wd:1.2.5

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2015-2562

Products

Pricing

Contact Us