CVE-2015-9226

Name of the Vulnerable Software and Affected Versions AlegroCart version 1.2.8

Description The issue allows remote administrators to execute arbitrary SQL commands via the download parameter in the check download and possibly check filename function in upload/admin2/model/products/model admin download.php. Additionally, remote authenticated users with a valid Paypal transaction token can execute arbitrary SQL commands via the ref parameter in the orderUpdate function in upload/catalog/extension/payment/paypal.php.

Recommendations For AlegroCart version 1.2.8, as a temporary workaround, consider restricting access to the check download and check filename functions in upload/admin2/model/products/model admin download.php and the orderUpdate function in upload/catalog/extension/payment/paypal.php to minimize the risk of exploitation. Avoid using the download and ref parameters in the affected functions until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.