CVE-2013-3536

SQL injection vulnerability in the gp_LoadUserFromHash function in functions_hash.php in the Group Pay module 1.5 and earlier for WHMCS allows remote attackers to execute arbitrary SQL commands via the hash parameter.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:a:whmcs:group_pay:*:*:*:*:*:*:*:*
cpe:2.3:a:whmcs:whmcs:-:*:*:*:*:*:*:*

History

21 Nov 2024, 01:53

Type Values Removed Values Added
References () http://packetstormsecurity.com/files/121046/WHMCS-Grouppay-1.5-SQL-Injection.html - Exploit () http://packetstormsecurity.com/files/121046/WHMCS-Grouppay-1.5-SQL-Injection.html - Exploit
References () http://secunia.com/advisories/52804 - Vendor Advisory () http://secunia.com/advisories/52804 - Vendor Advisory
References () http://www.exploit-db.com/exploits/24934 - () http://www.exploit-db.com/exploits/24934 -
References () http://www.osvdb.org/91980 - () http://www.osvdb.org/91980 -

Information

Published : 2013-05-13 23:55

Updated : 2024-11-21 01:53


NVD link : CVE-2013-3536

Mitre link : CVE-2013-3536

CVE.ORG link : CVE-2013-3536


JSON object : View

Products Affected

whmcs

  • group_pay
  • whmcs
CWE
CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')