PT-2026-28243 · Undefined · Undefined

Published 2026-03-26 · Updated 2026-05-01 · CVE-2018-25206

CVSS v3.1: 8.2 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

Name of the Vulnerable Software and Affected Versions: KomSeo Cart version 1.3

Description: An SQL injection flaw allows attackers to inject SQL commands via the my item search parameter in the 'edit.php' endpoint. By submitting POST requests with malicious payloads, attackers can extract sensitive database information using error-based or boolean-based blind injection techniques, where the latter involves asking the database true/false questions to infer data.

Recommendations: As a temporary workaround, avoid using the my item search parameter in the 'edit.php' endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

SQL injection

Weakness Enumeration

Related Identifiers

CVE-2018-25206

Affected Products

Undefined