CVE-2014-10034

Name of the Vulnerable Software and Affected Versions couponPHP versions prior to 1.2.0

Description The issue concerns SQL injection vulnerabilities in the admin area. These vulnerabilities allow remote administrators to execute arbitrary SQL commands. The vulnerabilities are specifically related to the iDisplayLength and iDisplayStart parameters in the API endpoints "comments paginate.php" and "stores paginate.php" located in "admin/ajax/".

Recommendations For versions prior to 1.2.0, update to version 1.2.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the "comments paginate.php" and "stores paginate.php" files in "admin/ajax/" to minimize the risk of exploitation. Avoid using the iDisplayLength and iDisplayStart parameters in the affected API endpoints until the issue is resolved.