Description
Multiple SQL injection vulnerabilities in TornadoStore 1.4.3 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the marca parameter to precios.php3 or (2) the where parameter in a delivery_courier action to control/abm_list.php3.
References (3)
Core References
Exploit, x_refsource_misc
http://www.bonsai-sec.com/en/research/vulnerabilities/tornadostore-multiple-sql-injection-0106.php
Exploit, vdb-entry, x_refsource_bid
http://www.securityfocus.com/bid/41233
Third Party Advisory, VDB Entry, vdb-entry, x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/59950
Scores
EPSS: 0.0011
EPSS Percentile: 28.5%
Details
CWE: CWE-89
Status: published
Products (1): tornadostore/tornadostore < 1.4.3
Published: Jul 06, 2010
Tracked Since: Feb 18, 2026