CVE-2015-9226 - OpenCVE

Multiple SQL injection vulnerabilities in AlegroCart 1.2.8 allow remote administrators to execute arbitrary SQL commands via the download parameter in the (1) check_download and possibly (2) check_filename function in upload/admin2/model/products/model_admin_download.php or remote authenticated users with a valid Paypal transaction token to execute arbitrary SQL commands via the ref parameter in the (3) orderUpdate function in upload/catalog/extension/payment/paypal.php.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:S/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Alegrocart	Alegrocart

Configuration 1 [-]

cpe:2.3:a:alegrocart:alegrocart:1.2.8:*:*:*:*:*:*:*

References

Link	Resource
http://packetstormsecurity.com/files/134362/AlegroCart-1.2.8-SQL-Injection.html	Exploit Third Party Advisory VDB Entry
http://seclists.org/fulldisclosure/2015/Nov/68	Exploit Mailing List Third Party Advisory
https://blog.curesec.com/article/blog/AlegroCart-128-SQL-Injection-104.html	Exploit
https://www.exploit-db.com/exploits/38727/	Exploit Third Party Advisory VDB Entry

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2022-10-03T16:16:02

Updated: 2022-10-03T16:16:02

Reserved: 2022-10-03T00:00:00

Link: CVE-2015-9226

JSON object: View

NVD Information

Status : Analyzed

Published: 2017-09-11T20:29:00.580

Modified: 2017-09-18T16:17:53.210

Link: CVE-2015-9226

JSON object: View

Redhat Information

No data.

CWE

CWE-89

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "Multiple SQL injection vulnerabilities in AlegroCart 1.2.8 allow remote administrators to execute arbitrary SQL commands via the download parameter in the (1) check_download and possibly (2) check_filename function in upload/admin2/model/products/model_admin_download.php or remote authenticated users with a valid Paypal transaction token to execute arbitrary SQL commands via the ref parameter in the (3) orderUpdate function in upload/catalog/extension/payment/paypal.php."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-10-03T16:16:02", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/134362/AlegroCart-1.2.8-SQL-Injection.html"}, {"name": "38727", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/38727/"}, {"tags": ["x_refsource_MISC"], "url": "https://blog.curesec.com/article/blog/AlegroCart-128-SQL-Injection-104.html"}, {"name": "20151114 AlegroCart 1.2.8: SQL Injection", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://seclists.org/fulldisclosure/2015/Nov/68"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-9226", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple SQL injection vulnerabilities in AlegroCart 1.2.8 allow remote administrators to execute arbitrary SQL commands via the download parameter in the (1) check_download and possibly (2) check_filename function in upload/admin2/model/products/model_admin_download.php or remote authenticated users with a valid Paypal transaction token to execute arbitrary SQL commands via the ref parameter in the (3) orderUpdate function in upload/catalog/extension/payment/paypal.php."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://packetstormsecurity.com/files/134362/AlegroCart-1.2.8-SQL-Injection.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/134362/AlegroCart-1.2.8-SQL-Injection.html"}, {"name": "38727", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/38727/"}, {"name": "https://blog.curesec.com/article/blog/AlegroCart-128-SQL-Injection-104.html", "refsource": "MISC", "url": "https://blog.curesec.com/article/blog/AlegroCart-128-SQL-Injection-104.html"}, {"name": "20151114 AlegroCart 1.2.8: SQL Injection", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2015/Nov/68"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2015-9226", "datePublished": "2022-10-03T16:16:02", "dateReserved": "2022-10-03T00:00:00", "dateUpdated": "2022-10-03T16:16:02", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:alegrocart:alegrocart:1.2.8:*:*:*:*:*:*:*", "matchCriteriaId": "D7C3E383-9FF9-4E22-BCAF-2EC1A90C3863", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Multiple SQL injection vulnerabilities in AlegroCart 1.2.8 allow remote administrators to execute arbitrary SQL commands via the download parameter in the (1) check_download and possibly (2) check_filename function in upload/admin2/model/products/model_admin_download.php or remote authenticated users with a valid Paypal transaction token to execute arbitrary SQL commands via the ref parameter in the (3) orderUpdate function in upload/catalog/extension/payment/paypal.php."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de inyecci\u00f3n SQL en AlegroCart 1.2.8 permiten a administradores remotos ejecutar comandos SQL arbitrarios mediante el par\u00e1metro download en (1) la funci\u00f3n check_download y posiblemente (2) la funci\u00f3n check_filename en upload/admin2/model/products/model_admin_download.php o a usuarios autenticados remotos con un token de transacci\u00f3n de PayPal v\u00e1lido ejecutar comandos SQL arbitrarios mediante el par\u00e1metro ref en (3) la funci\u00f3n orderUpdate en upload/catalog/extension/payment/paypal.php."}], "id": "CVE-2015-9226", "lastModified": "2017-09-18T16:17:53.210", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-09-11T20:29:00.580", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/134362/AlegroCart-1.2.8-SQL-Injection.html"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2015/Nov/68"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "https://blog.curesec.com/article/blog/AlegroCart-128-SQL-Injection-104.html"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "https://www.exploit-db.com/exploits/38727/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "nvd@nist.gov", "type": "Primary"}]}