vendor:
Mpay24 Payment Module
by:
Eldar Marcussen
7.5
CVSS
HIGH
SQL injection and information disclosure
89
CWE
Product Name: Mpay24 Payment Module
Affected Version From: 1.5
Affected Version To: 1.5 and earlier
Patch Exists: YES
Related CWE: CVE-2014-2008
CPE: a:mpay24:mpay24_payment_module
Platforms Tested:
2014
Mpay24 PrestaShop Payment Module Multiple Vulnerabilities
The Mpay24 plugin version 1.5 and earlier does not sufficiently filter or escape user supplied data used in database queries resulting in SQL injection vulnerabilities. This vulnerability allows attackers to extract information directly from the database.
Mitigation:
Apply the patch provided by the vendor.