SQL Injection Vulnerabilities in Web-Dorado ECommerce WD Component for Joomla
CVE-2015-2562

Currently unrated

Key Information:

Vendor

Web-dorado

Status
Ecommerce Wd
Vendor
CVE Published:
20 March 2015

Badges

๐Ÿ‘พ Exploit Exists๐ŸŸก Public PoC๐ŸŸฃ EPSS 43%

What is CVE-2015-2562?

The Web-Dorado ECommerce WD component for Joomla! version 1.2.5 is susceptible to multiple SQL injection vulnerabilities. These weaknesses allow remote attackers to manipulate SQL queries by sending specially crafted inputs through parameters such as search_category_id, sort_order, or filter_manufacturer_ids in a displayproducts action. Exploiting these vulnerabilities could enable attackers to execute arbitrary SQL commands on the database, potentially compromising sensitive data and the integrity of the application.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2015-2562 - Proof of Concept

References

https://www.exploit-db.com/exploits/36439/
exploitx_refsource_EXPLOIT-DB
http://seclists.org/fulldisclosure/2015/Mar/123
mailing-listx_refsource_FULLDISC
http://packetstormsecurity.com/files/130896/Joomla-EComme...
x_refsource_MISC

EPSS Score

43% chance of being exploited in the next 30 days.

Timeline

  • ๐ŸŸก

    Public PoC available

  • ๐Ÿ‘พ

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

.