Wordpress WP E-Commerce Plugin SQL Injection


  • Wordpress WP E-Commerce Plugin SQL Injection

    ##############################################################################
    #Title: Wordpress WP E-Commerce Plugin SQL Injection
    #Advisory URL:
    #http://www.defensecode.com/article/wordpress_wp_e-commerce_plugin_multiple_security_vulnerabilities_-30
    #Version: 3.8.9 and below
    #Vendor Status: Vendor contacted
    #Release Date: 2012-11-12
    #Risk: High
    ##############################################################################

    Version:3.1. SQL injection

    File: wp-e-commerce\wpsc-includes\purchaselogs.class.php
    Function: get_results($sql)
    Variable: $_POST['view_purchlogs_by_status']
    Called from (function line file):
    get_purchlogs() 699 wp-e-commerce\wpsc-core\wpsc-deprecated.php

    Version:3.2. SQL injection

    File: wp-e-commerce\wpsc-includes\purchaselogs.class.php
    Function: get_results( $sql )
    Variable: $_POST['view_purchlogs_by_status']
    Called from (function line file):
    get_purchlogs() 681 wp-e-commerce\wpsc-core\wpsc-deprecated.php

    Version:3.3. SQL injection

    File: wp-e-commerce\wpsc-includes\purchaselogs.class.php
    Function: get_results( $sql )
    Variable: $_GET['view_purchlogs_by_status']
    Called from (function line file):
    get_purchlogs() 525 wp-e-commerce\wpsc-includes\purchaselogs.class.php

    Version:3.4. SQL injection

    File: wp-e-commerce\wpsc-includes\purchaselogs.class.php
    Function: get_results( $sql )
    Variable: $_GET['view_purchlogs_by_status']
    Called from (function line file):
    get_purchlogs() 543 wp-e-commerce\wpsc-includes\purchaselogs.class.php

    ##############################################################################

    www.s-gomnam.ir