WP e-Commerce <= 3.8.4 - SQL
Am Tuesday, 19. Jul 2011 im Topic 'Vulnerabilities'
Download link:
http://wordpress.org/extend/plugins/wp-e-commerce
Google Dork:
inurl:page_id= "Your billing/contact details"
Bugged code (wpsc-theme/functions/wpsc-user_log_functions.php):
foreach ( (array)$_POST['collected_data'] as $value_id => $value ) {
$form_sql = "SELECT * FROM `" . WPSC_TABLE_CHECKOUT_FORMS . "` WHERE
`id` = '$value_id' LIMIT 1?;
$form_data = $wpdb->get_row( $form_sql, ARRAY_A );
FIX:
Upgrade to new version
http://wordpress.org/extend/plugins/wp-e-commerce
Google Dork:
inurl:page_id= "Your billing/contact details"
Bugged code (wpsc-theme/functions/wpsc-user_log_functions.php):
foreach ( (array)$_POST['collected_data'] as $value_id => $value ) {
$form_sql = "SELECT * FROM `" . WPSC_TABLE_CHECKOUT_FORMS . "` WHERE
`id` = '$value_id' LIMIT 1?;
$form_data = $wpdb->get_row( $form_sql, ARRAY_A );
FIX:
Upgrade to new version