CVE-2024-36082

State: PUBLISHED · Published: 2024-06-07 · Updated: 2024-10-30 · Assigner: jpcert

Description

SQL injection vulnerability in Music Store - WordPress eCommerce versions prior to 1.1.14 allows a remote authenticated attacker with an administrative privilege to execute arbitrary SQL commands. Information stored in the database may be obtained or altered by the attacker.

CWE

CWE-89 — CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Affected

CodePeople / Music Store - WordPress eCommerce — v=prior to 1.1.14 [affected]

CVSS

(none)

References

https://wordpress.org/plugins/music-store/
https://plugins.trac.wordpress.org/changeset?new=3085975%40music-store%2Ftrunk%2Fmusic-store.php&old=3079647%40music-store%2Ftrunk%2Fmusic-store.php
https://jvn.jp/en/jp/JVN79213252/

Source

cvelistV5-main/cves/2024/36xxx/CVE-2024-36082.json