CVE-2012-5310

EPSS 0.71%
Veröffentlicht 08.10.2012 17:55:00
Zuletzt bearbeitet 11.04.2025 00:51:21
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

WP eCommerce < 3.8.7.6 - SQL Injection

SQL injection vulnerability in the WP e-Commerce plugin before 3.8.7.6 for WordPress allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

Mögliche Gegenmaßnahme

WP eCommerce: Update to version 3.8.7.6, or a newer patched version

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 8

Weitere Schwachstelleninformationen

SystemWordPress Plugin

≫

Produkt WP eCommerce

Version [*, 3.8.7.6)

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Getshopped ≫ Wp E-commerce Version <= 3.8.7.5

Wordpress ≫ Wordpress Version-

Getshopped ≫ Wp E-commerce Version3.6.5

Wordpress ≫ Wordpress Version-

Getshopped ≫ Wp E-commerce Version3.6.6

Wordpress ≫ Wordpress Version-

Getshopped ≫ Wp E-commerce Version3.6.7

Wordpress ≫ Wordpress Version-

Getshopped ≫ Wp E-commerce Version3.6.8

Wordpress ≫ Wordpress Version-

Getshopped ≫ Wp E-commerce Version3.6.9

Wordpress ≫ Wordpress Version-

Getshopped ≫ Wp E-commerce Version3.6.10

Wordpress ≫ Wordpress Version-

Getshopped ≫ Wp E-commerce Version3.6.11

Wordpress ≫ Wordpress Version-

Getshopped ≫ Wp E-commerce Version3.6.12

Wordpress ≫ Wordpress Version-

Getshopped ≫ Wp E-commerce Version3.6.13

Wordpress ≫ Wordpress Version-

Getshopped ≫ Wp E-commerce Version3.7

Wordpress ≫ Wordpress Version-

Getshopped ≫ Wp E-commerce Version3.7 Updatebeta2

Wordpress ≫ Wordpress Version-

Getshopped ≫ Wp E-commerce Version3.7 Updatebeta3

Wordpress ≫ Wordpress Version-

Getshopped ≫ Wp E-commerce Version3.7.1

Wordpress ≫ Wordpress Version-

Getshopped ≫ Wp E-commerce Version3.7.2

Wordpress ≫ Wordpress Version-

Getshopped ≫ Wp E-commerce Version3.7.3

Wordpress ≫ Wordpress Version-

Getshopped ≫ Wp E-commerce Version3.7.4

Wordpress ≫ Wordpress Version-

Getshopped ≫ Wp E-commerce Version3.7.5

Wordpress ≫ Wordpress Version-

Getshopped ≫ Wp E-commerce Version3.7.5 Updatebeta1

Wordpress ≫ Wordpress Version-

Getshopped ≫ Wp E-commerce Version3.7.5 Updatebeta2

Wordpress ≫ Wordpress Version-

Getshopped ≫ Wp E-commerce Version3.7.5 Updaterc1

Wordpress ≫ Wordpress Version-

Getshopped ≫ Wp E-commerce Version3.7.5 Updaterc2

Wordpress ≫ Wordpress Version-

Getshopped ≫ Wp E-commerce Version3.7.5 Updaterc3

Wordpress ≫ Wordpress Version-

Getshopped ≫ Wp E-commerce Version3.7.5 Updaterc4

Wordpress ≫ Wordpress Version-

Getshopped ≫ Wp E-commerce Version3.7.5.1

Wordpress ≫ Wordpress Version-

Getshopped ≫ Wp E-commerce Version3.7.5.1 Updatebeta

Wordpress ≫ Wordpress Version-

Getshopped ≫ Wp E-commerce Version3.7.5.2

Wordpress ≫ Wordpress Version-

Getshopped ≫ Wp E-commerce Version3.7.5.3

Wordpress ≫ Wordpress Version-

Getshopped ≫ Wp E-commerce Version3.7.6

Wordpress ≫ Wordpress Version-

Getshopped ≫ Wp E-commerce Version3.7.6 Updaterc1

Wordpress ≫ Wordpress Version-

Getshopped ≫ Wp E-commerce Version3.7.6 Updaterc2

Wordpress ≫ Wordpress Version-

Getshopped ≫ Wp E-commerce Version3.7.6 Updaterc3

Wordpress ≫ Wordpress Version-

Getshopped ≫ Wp E-commerce Version3.7.6 Updaterc4

Wordpress ≫ Wordpress Version-

Getshopped ≫ Wp E-commerce Version3.7.6.1

Wordpress ≫ Wordpress Version-

Getshopped ≫ Wp E-commerce Version3.7.6.2

Wordpress ≫ Wordpress Version-

Getshopped ≫ Wp E-commerce Version3.7.6.3

Wordpress ≫ Wordpress Version-

Getshopped ≫ Wp E-commerce Version3.7.6.4

Wordpress ≫ Wordpress Version-

Getshopped ≫ Wp E-commerce Version3.7.6.5

Wordpress ≫ Wordpress Version-

Getshopped ≫ Wp E-commerce Version3.7.6.6

Wordpress ≫ Wordpress Version-

Getshopped ≫ Wp E-commerce Version3.7.6.7

Wordpress ≫ Wordpress Version-

Getshopped ≫ Wp E-commerce Version3.7.6.9

Wordpress ≫ Wordpress Version-

Getshopped ≫ Wp E-commerce Version3.7.7

Wordpress ≫ Wordpress Version-

Getshopped ≫ Wp E-commerce Version3.7.8

Wordpress ≫ Wordpress Version-

Getshopped ≫ Wp E-commerce Version3.7.8.1

Wordpress ≫ Wordpress Version-

Getshopped ≫ Wp E-commerce Version3.7.8.2

Wordpress ≫ Wordpress Version-

Getshopped ≫ Wp E-commerce Version3.7.8.3

Wordpress ≫ Wordpress Version-

Getshopped ≫ Wp E-commerce Version3.8

Wordpress ≫ Wordpress Version-

Getshopped ≫ Wp E-commerce Version3.8 Updatebeta1

Wordpress ≫ Wordpress Version-

Getshopped ≫ Wp E-commerce Version3.8 Updatebeta2

Wordpress ≫ Wordpress Version-

Getshopped ≫ Wp E-commerce Version3.8 Updatebeta3

Wordpress ≫ Wordpress Version-

Getshopped ≫ Wp E-commerce Version3.8 Updaterc1

Wordpress ≫ Wordpress Version-

Getshopped ≫ Wp E-commerce Version3.8 Updaterc2

Wordpress ≫ Wordpress Version-

Getshopped ≫ Wp E-commerce Version3.8 Updaterc3

Wordpress ≫ Wordpress Version-

Getshopped ≫ Wp E-commerce Version3.8 Updaterc4

Wordpress ≫ Wordpress Version-

Getshopped ≫ Wp E-commerce Version3.8.1

Wordpress ≫ Wordpress Version-

Getshopped ≫ Wp E-commerce Version3.8.2

Wordpress ≫ Wordpress Version-

Getshopped ≫ Wp E-commerce Version3.8.3

Wordpress ≫ Wordpress Version-

Getshopped ≫ Wp E-commerce Version3.8.4

Wordpress ≫ Wordpress Version-

Getshopped ≫ Wp E-commerce Version3.8.5

Wordpress ≫ Wordpress Version-

Getshopped ≫ Wp E-commerce Version3.8.6

Wordpress ≫ Wordpress Version-

Getshopped ≫ Wp E-commerce Version3.8.6.1

Wordpress ≫ Wordpress Version-

Getshopped ≫ Wp E-commerce Version3.8.7

Wordpress ≫ Wordpress Version-

Getshopped ≫ Wp E-commerce Version3.8.7.1

Wordpress ≫ Wordpress Version-

Getshopped ≫ Wp E-commerce Version3.8.7.2

Wordpress ≫ Wordpress Version-

Getshopped ≫ Wp E-commerce Version3.8.7.3

Wordpress ≫ Wordpress Version-

Getshopped ≫ Wp E-commerce Version3.8.7.4

Wordpress ≫ Wordpress Version-

Getshopped ≫ Wp E-commerce Version3.8.8

Wordpress ≫ Wordpress Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.71%	0.719

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

http://wordpress.org/extend/plugins/wp-e-commerce/changelog/

http://secunia.com/advisories/47627

Vendor Advisory

http://www.securityfocus.com/bid/51637

https://exchange.xforce.ibmcloud.com/vulnerabilities/72622

https://www.wordfence.com/threat-intel/vulnerabilities/id/4aa89fab-b6fe-423a-a7f5-dbe6c92d1b56

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2012-5310

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2012-5310

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2012-5310

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2012-5310