Vastal I-Tech Dating Zone 0.9.9 allows SQL Injection via the 'product_id' to add_to_cart.php, a different vulnerability than CVE-2008-4461.
References
Link | Resource |
---|---|
https://packetstormsecurity.com/files/144445/Vastal-I-Tech-Dating-Zone-0.9.9-SQL-Injection.html | Third Party Advisory VDB Entry |
https://www.exploit-db.com/exploits/43084/ | Exploit Third Party Advisory VDB Entry |
Configurations
Information
Published : 2017-10-28 23:29
Updated : 2017-11-17 10:14
NVD link : CVE-2017-15975
Mitre link : CVE-2017-15975
JSON object : View
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Products Affected
vastal
- dating_zone