The paGO Commerce plugin 2.5.9.0 for Joomla! allows SQL Injection via the administrator/index.php?option=com_pago&view=comments filter_published parameter.
References
Link | Resource |
---|---|
https://www.exploit-db.com/exploits/48811 | Exploit Third Party Advisory VDB Entry |
https://geekwire.eu/2020/09/14/joomla-pago-commerce-2-5-9-0-sql-injection-authenticated/ | Third Party Advisory |
Configurations
Information
Published : 2020-09-17 21:15
Updated : 2020-09-24 06:58
NVD link : CVE-2020-25751
Mitre link : CVE-2020-25751
JSON object : View
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Products Affected
corephp
- pago_commerce