Vulnerability Details CVE-2016-10755
AbanteCart 1.2.8 allows SQL Injection via the source_language parameter to admin/controller/pages/localisation/language.php and core/lib/language_manager.php, or via POST data to admin/controller/pages/tool/backup.php and admin/model/tool/backup.php.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 46.4%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 4.0
References
Products affected by CVE-2016-10755
-
cpe:2.3:a:abantecart:abantecart:1.2.8