Themes Vulnerabilities

WooThemes Daily Edition <= 1.6.2 - SQL Injection

Description

According to the researcher, "The code flaw occurs at 'fiche-disque.php?' page with '&id' parameter."

Affects Themes

dailyedition
No known fix

References

URL
https://packetstormsecurity.com/files/#130719/
URL
https://seclists.org/fulldisclosure/2015/Mar/34
URL
http://www.woothemes.com/products/daily-edition/

Classification

Type
SQLI
OWASP top 10
A1: Injection
CWE
CWE-89

Miscellaneous

Submitter
ethicalhack3r
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
b70b8c71-01d6-4d0d-97a4-784545c35d04

Timeline

Publicly Published
2015-03-07 (about 11 years ago)
Added
2015-03-09 (about 11 years ago)
Last Updated
2019-10-21 (about 6 years ago)

Other

Published
Title
Published
2024-12-14
Title
LaunchPage.app Importer <= 1.1 - Unauthenticated SQL Injection
Published
2025-02-18
Title
Small Package Quotes – For Customers of FedEx < 4.3.2 - Unauthenticated SQL Injection
Published
2025-01-27
Title
Track Logins <= 1.0 - Admin+ SQL Injection
Published
2015-12-11
Title
Link Log < 2.1 - SQL Injection
Published
2025-06-03
Title
Recover abandoned cart for WooCommerce <= 2.5 - Unauthenticated SQL Injection