Description
Multiple SQL injection vulnerabilities in the admin area in couponPHP before 1.2.0 allow remote administrators to execute arbitrary SQL commands via the (1) iDisplayLength or (2) iDisplayStart parameter to (a) comments_paginate.php or (b) stores_paginate.php in admin/ajax/.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by LiquidWorm · text · webapps · php
https://www.exploit-db.com/exploits/32037
References (7)
Core References
Third Party Advisory, VDB Entry · vdb-entry, x_refsource_osvdb · http://osvdb.org/show/osvdb/103895
Various Sources · x_refsource_confirm · http://couponphp.com/changelog
Exploit · x_refsource_misc · http://www.zeroscience.mk/en/vulnerabilities/ZSL-2014-5170.php
Third Party Advisory, VDB Entry · vdb-entry, x_refsource_xf · https://exchange.xforce.ibmcloud.com/vulnerabilities/91550
Exploit · exploit, x_refsource_exploit-db · http://www.exploit-db.com/exploits/32037
Third Party Advisory, VDB Entry · vdb-entry, x_refsource_osvdb · http://osvdb.org/show/osvdb/103896
Exploit · x_refsource_misc · http://packetstormsecurity.com/files/125480
Scores
EPSS
0.0186
EPSS Percentile
83.1%
Details
CWE
CWE-89
Status
published
Products (1)
couponphp/couponphp
< 1.1.0
Published
Jan 13, 2015
Tracked Since
Feb 18, 2026