Vulnerability Details CVE-2024-36082
SQL injection vulnerability in Music Store - WordPress eCommerce versions prior to 1.1.14 allows a remote authenticated attacker with an administrative privilege to execute arbitrary SQL commands. Information stored in the database may be obtained or altered by the attacker.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 47.9%
CVSS Severity
CVSS v3 Score 6.5
References
- https://jvn.jp/en/jp/JVN79213252/
- https://plugins.trac.wordpress.org/changeset?new=3085975%40music-store%2Ftrunk%2Fmusic-store.php&old=3079647%40music-store%2Ftrunk%2Fmusic-store.php
- https://wordpress.org/plugins/music-store/
- https://jvn.jp/en/jp/JVN79213252/
- https://plugins.trac.wordpress.org/changeset?new=3085975%40music-store%2Ftrunk%2Fmusic-store.php&old=3079647%40music-store%2Ftrunk%2Fmusic-store.php
- https://wordpress.org/plugins/music-store/
Products affected by CVE-2024-36082
-
cpe:2.3:a:codepeople:music_store:-
-
cpe:2.3:a:codepeople:music_store:1.0.141
-
cpe:2.3:a:codepeople:music_store:1.0.218
-
cpe:2.3:a:codepeople:music_store:1.0.219
-
cpe:2.3:a:codepeople:music_store:1.0.220
-
cpe:2.3:a:codepeople:music_store:1.0.221
-
cpe:2.3:a:codepeople:music_store:1.0.222
-
cpe:2.3:a:codepeople:music_store:1.0.223
-
cpe:2.3:a:codepeople:music_store:1.0.224
-
cpe:2.3:a:codepeople:music_store:1.0.225
-
cpe:2.3:a:codepeople:music_store:1.0.226