CVE-2015-2562

Web-Dorado ECommerce WD for Joomla! search_category_id SQL Injection Scanner

Title source: metasploit

Description

Multiple SQL injection vulnerabilities in the Web-Dorado ECommerce WD (com_ecommercewd) component 1.2.5 for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) search_category_id, (2) sort_order, or (3) filter_manufacturer_ids parameter in a displayproducts action to index.php.

Exploits (2)

exploitdb WORKING POC
by Brandon Perry · text · webapps · php
https://www.exploit-db.com/exploits/36439

metasploit SCANNER
by bperry · ruby · poc
https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/http/joomla_ecommercewd_sqli_scanner.rb

Scores

EPSS 0.4354
EPSS Percentile 97.5%

Details

CWE CWE-89
Status published
Products (1)
web-dorado/ecommerce_wd 1.2.5
Published Mar 20, 2015
Tracked Since Feb 18, 2026