WordPress Plugin Vulnerabilities

Cart66 Lite < 1.5.2 - Blind SQL Injection

Description

The cart66-lite WordPress plugin was affected by a Blind SQL Injection security vulnerability.

Affects Plugins

Plugin icon
cart66-lite
Fixed in 1.5.2

References

CVE
CVE-2014-9305
Exploitdb
35459
URL
https://packetstormsecurity.com/files/#129395/
URL
https://security.szurek.pl/cart66-lite-wordpress-ecommerce-15117-blind-sql-injection.html

Classification

Type
SQLI
OWASP top 10
A1: Injection
CWE
CWE-89

Miscellaneous

Submitter
ethicalhack3r
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
e434ef7d-8782-4a56-9bb0-6fee5397f754

Timeline

Publicly Published
2014-12-03 (about 11 years ago)
Added
2014-12-03 (about 11 years ago)
Last Updated
2019-10-21 (about 6 years ago)

Other

Published
Title
Published
2015-10-23
Title
wp-championship <= 5.8 - Authenticated Blind SQL Injection
Published
2014-08-01
Title
Social Slider < 6.0.0 - social-slider-2/ajax.php rA Parameter SQL Injection
Published
2022-08-08
Title
Leaflet Maps Marker < 3.12.5 - Admin+ SQLi
Published
2024-03-28
Title
Media Library Folders < 8.1.8 - Authenticated (Author+) SQL Injection
Published
2019-02-14
Title
Booking < 8.4.5.15 - SQL Injection