SQL Injection Vulnerability in Cart66 Lite Plugin for WordPress
CVE-2014-9442

Currently unrated

Key Information:

Vendor: WordPress

CVE Published: 2 January 2015

What is CVE-2014-9442?

The Cart66 Lite plugin for WordPress has a SQL injection vulnerability in the models/Cart66Ajax.php file. Remote authenticated users can execute arbitrary SQL commands through the 'q' parameter of the 'promotionProductSearch' action, which is reached via the wp-admin/admin-ajax.php endpoint. An attacker could manipulate the database and gain unauthorized access to sensitive data, so the plugin should be updated promptly to the latest version.
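
A log check for the request described above, added here as an example and not code from the plugin or the CVE record: it flags wp-admin/admin-ajax.php requests whose action is promotionProductSearch and whose q value contains SQL syntax. The combined-style log format, the marker list and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Request line as it appears in a combined-format access log (assumed format).
REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')
# Heuristic markers of SQL syntax inside a search term (assumption; tune locally).
SQL_MARKERS = re.compile(
    r"['\"`;]|--|/\*|\bunion\s+select\b|\b(?:sleep|benchmark)\s*\(",
    re.IGNORECASE,
)

# Constructed sample lines, not taken from any real system.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Feb/2015:10:00:01 +0000] "GET /wp-admin/admin-ajax.php'
    '?action=promotionProductSearch&q=blue+shirt HTTP/1.1" 200 512',
    '203.0.113.7 - - [10/Feb/2015:10:00:05 +0000] "GET /wp-admin/admin-ajax.php'
    '?action=promotionProductSearch&q=shirt%27%20OR%20%271%27%3D%271 HTTP/1.1" 200 9214',
    '198.51.100.4 - - [10/Feb/2015:10:01:12 +0000] "GET /wp-admin/admin-ajax.php'
    '?action=heartbeat&q=it%27s HTTP/1.1" 200 88',
    '198.51.100.4 - - [10/Feb/2015:10:02:40 +0000] "GET /index.php?q=%27 HTTP/1.1" 200 4096',
]


def suspicious_requests(log_lines):
    """Return (line_number, decoded_q) for flagged promotionProductSearch calls."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        # Only the endpoint and action named in the CVE description are in scope.
        if not url.path.endswith("/wp-admin/admin-ajax.php"):
            continue
        params = parse_qs(url.query, keep_blank_values=True)  # percent-decodes values
        if "promotionProductSearch" not in params.get("action", []):
            continue
        for value in params.get("q", []):
            if SQL_MARKERS.search(value):
                hits.append((number, value))
    return hits


if __name__ == "__main__":
    for number, value in suspicious_requests(SAMPLE_LOG):
        print(f"line {number}: suspicious q value {value!r}")
```

Access logs record only query-string parameters, so requests that carry 'action' and 'q' in a POST body need the same check applied at a WAF or in application-level logging. A legitimate search term containing an apostrophe will also be flagged, so treat hits as leads for review.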
