CyberSec.Space Logo
CVEブラウザに戻る

CVE-2016-0769

HIGH
8.8
CVSS Severity Score
EPSS Score0.0790%
EPSS Percentile44.25th
Published2017年1月23日
Last Modified2026年5月13日

Vulnerability Description

Multiple SQL injection vulnerabilities in eshop-orders.php in the eShop plugin 6.3.14 for WordPress allow (1) remote administrators to execute arbitrary SQL commands via the delid parameter or remote authenticated users to execute arbitrary SQL commands via the (2) view, (3) mark, or (4) change parameter.

Affected Platforms (CPE)

📦
Elfden

Eshop Plugin

= 6.3.14

References & Advisories

🔗 http://www.openwall.com/lists/oss-security/2016/02/02/3
🔗 http://www.securityfocus.com/bid/82347
🔗 http://www.vapid.dhs.org/advisory.php?v=160
🔗 http://www.openwall.com/lists/oss-security/2016/02/02/3
🔗 http://www.securityfocus.com/bid/82347
🔗 http://www.vapid.dhs.org/advisory.php?v=160

関連する脆弱性情報

CVE-2015-94136.5

The eshop plugin through 6.3.13 for WordPress has CSRF with resultant XSS via the wp-admin/admin.php?page=eshop-downloads.php titl...

CVE-2015-34216.1

The eshop_checkout function in checkout.php in the Wordpress Eshop plugin 6.3.11 and earlier does not validate variables in the "e...

CVE-2016-07656.1

Multiple cross-site scripting (XSS) vulnerabilities in eshop-orders.php in the eShop plugin 6.3.14 for WordPress allow remote atta...

CVE-2014-45564.3

Cross-site scripting (XSS) vulnerability in test-plugin.php in the Swipe Checkout for eShop plugin 3.7.0 and earlier for WordPress...