CVE-2015-9226 - OpenCVE

Multiple SQL injection vulnerabilities in AlegroCart 1.2.8 allow remote administrators to execute arbitrary SQL commands via the download parameter in the (1) check_download and possibly (2) check_filename function in upload/admin2/model/products/model_admin_download.php or remote authenticated users with a valid Paypal transaction token to execute arbitrary SQL commands via the ref parameter in the (3) orderUpdate function in upload/catalog/extension/payment/paypal.php.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:S/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Alegrocart	Alegrocart

Configuration 1 [-]

cpe:2.3:a:alegrocart:alegrocart:1.2.8:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://packetstormsecurity.com/files/134362/AlegroCart-1.2.8-SQL-Injection.html
http://seclists.org/fulldisclosure/2015/Nov/68
https://blog.curesec.com/article/blog/AlegroCart-128-SQL-Injection-104.html
https://www.exploit-db.com/exploits/38727/

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2017-09-11T20:00:00Z

Updated: 2024-09-16T18:56:18.025Z

Reserved: 2017-09-11T00:00:00Z

Link: CVE-2015-9226

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2017-09-11T20:29:00.580

Modified: 2017-09-18T16:17:53.210

Link: CVE-2015-9226

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "Multiple SQL injection vulnerabilities in AlegroCart 1.2.8 allow remote administrators to execute arbitrary SQL commands via the download parameter in the (1) check_download and possibly (2) check_filename function in upload/admin2/model/products/model_admin_download.php or remote authenticated users with a valid Paypal transaction token to execute arbitrary SQL commands via the ref parameter in the (3) orderUpdate function in upload/catalog/extension/payment/paypal.php."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-09-11T20:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/134362/AlegroCart-1.2.8-SQL-Injection.html"}, {"name": "38727", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/38727/"}, {"tags": ["x_refsource_MISC"], "url": "https://blog.curesec.com/article/blog/AlegroCart-128-SQL-Injection-104.html"}, {"name": "20151114 AlegroCart 1.2.8: SQL Injection", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://seclists.org/fulldisclosure/2015/Nov/68"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-9226", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple SQL injection vulnerabilities in AlegroCart 1.2.8 allow remote administrators to execute arbitrary SQL commands via the download parameter in the (1) check_download and possibly (2) check_filename function in upload/admin2/model/products/model_admin_download.php or remote authenticated users with a valid Paypal transaction token to execute arbitrary SQL commands via the ref parameter in the (3) orderUpdate function in upload/catalog/extension/payment/paypal.php."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://packetstormsecurity.com/files/134362/AlegroCart-1.2.8-SQL-Injection.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/134362/AlegroCart-1.2.8-SQL-Injection.html"}, {"name": "38727", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/38727/"}, {"name": "https://blog.curesec.com/article/blog/AlegroCart-128-SQL-Injection-104.html", "refsource": "MISC", "url": "https://blog.curesec.com/article/blog/AlegroCart-128-SQL-Injection-104.html"}, {"name": "20151114 AlegroCart 1.2.8: SQL Injection", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2015/Nov/68"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T08:43:42.391Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://packetstormsecurity.com/files/134362/AlegroCart-1.2.8-SQL-Injection.html"}, {"name": "38727", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"], "url": "https://www.exploit-db.com/exploits/38727/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://blog.curesec.com/article/blog/AlegroCart-128-SQL-Injection-104.html"}, {"name": "20151114 AlegroCart 1.2.8: SQL Injection", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://seclists.org/fulldisclosure/2015/Nov/68"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2015-9226", "datePublished": "2017-09-11T20:00:00Z", "dateReserved": "2017-09-11T00:00:00Z", "dateUpdated": "2024-09-16T18:56:18.025Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:alegrocart:alegrocart:1.2.8:*:*:*:*:*:*:*", "matchCriteriaId": "D7C3E383-9FF9-4E22-BCAF-2EC1A90C3863", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Multiple SQL injection vulnerabilities in AlegroCart 1.2.8 allow remote administrators to execute arbitrary SQL commands via the download parameter in the (1) check_download and possibly (2) check_filename function in upload/admin2/model/products/model_admin_download.php or remote authenticated users with a valid Paypal transaction token to execute arbitrary SQL commands via the ref parameter in the (3) orderUpdate function in upload/catalog/extension/payment/paypal.php."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de inyecci\u00f3n SQL en AlegroCart 1.2.8 permiten a administradores remotos ejecutar comandos SQL arbitrarios mediante el par\u00e1metro download en (1) la funci\u00f3n check_download y posiblemente (2) la funci\u00f3n check_filename en upload/admin2/model/products/model_admin_download.php o a usuarios autenticados remotos con un token de transacci\u00f3n de PayPal v\u00e1lido ejecutar comandos SQL arbitrarios mediante el par\u00e1metro ref en (3) la funci\u00f3n orderUpdate en upload/catalog/extension/payment/paypal.php."}], "id": "CVE-2015-9226", "lastModified": "2017-09-18T16:17:53.210", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-09-11T20:29:00.580", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/134362/AlegroCart-1.2.8-SQL-Injection.html"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2015/Nov/68"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "https://blog.curesec.com/article/blog/AlegroCart-128-SQL-Injection-104.html"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "https://www.exploit-db.com/exploits/38727/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "nvd@nist.gov", "type": "Primary"}]}