CVE-2014-9237

Name of the Vulnerable Software and Affected Versions Proticaret E-Commerce version 3.0

Description The issue allows remote attackers to execute arbitrary SQL commands via a tem:Code element in a SOAP request, specifically through "API Endpoints" that accept SOAP requests. This can lead to unauthorized access and manipulation of database content. No information is provided about the estimated number of potentially affected devices or real-world incidents.

Recommendations For Proticaret E-Commerce version 3.0, consider restricting access to SOAP API endpoints that accept tem:Code elements until a patch is available. As a temporary workaround, disabling the execution of arbitrary SQL commands or validating and sanitizing user input in SOAP requests may help mitigate the risk. At the moment, there is no information about a newer version that contains a fix for this issue.