CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Loadedcommerce: >> Loaded7 Security Vulnerabilities

CVE-2014-5140

The bindReplace function in the query factory in includes/classes/database.php in Loaded Commerce 7 does not properly handle : (colon) characters, which allows remote authenticated users to conduct SQL injection attacks via the First name and Last name fields in the address book.

CVSS Score

8.8

EPSS Score

0.011

Published

2020-01-03

Page 1

Vulnerabilities

Vulnerable Software

Loadedcommerce: >> Loaded7 Security Vulnerabilities

Products

Pricing

Contact Us