Multiple SQL injection vulnerabilities in the admin area in couponPHP before 1.2.0 allow remote administrators to execute arbitrary SQL commands via the (1) iDisplayLength or (2) iDisplayStart parameter to (a) comments_paginate.php or (b) stores_paginate.php in admin/ajax/.
References
Configurations
History
No history.
Information
Published : 2015-01-13 15:59
Updated : 2024-02-04 18:35
NVD link : CVE-2014-10034
Mitre link : CVE-2014-10034
CVE.ORG link : CVE-2014-10034
JSON object : View
Products Affected
couponphp
- couponphp
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')