CNNVD-202602-029 Information
CNNVD ID
CNNVD-202602-029
Related CVE
- CNNVD Published: 2026-02-01
Description (Chinese)
Mult-E-Cart Ultimate是印度Mult-E-Cart公司的一个电商平台脚本。 Mult-E-Cart Ultimate 2.4版本存在SQL注入漏洞,该漏洞源于库存、客户、供应商和订单模块存在多个SQL注入漏洞,可能导致远程攻击者执行恶意SQL命令。
Description (English)
Multi-E-Cart Ultimate is a script of an electrician platform of the Indian firm Multi-E-Cart. Mult-E-Cart Ultimate 2.4 has an injection loophole in SQL, which stems from multiple SQL injection holes in inventory, customers, suppliers and order modules, which may lead to the implementation of malicious SQL orders by remote attackers.
Hazard Level
Medium
Vulnerability Type
SQL注入
Affected Vendor
Mult-E-Cart
Published
2026-02-01
Last Modified
2026-02-24
References
https://ultimate.multecart.com/ https://www.techraft.in/ https://www.vulncheck.com/advisories/mult-e-cart-ultimate-sql-injection-via-vulnerable-id-parameters https://www.vulnerability-lab.com/get_content.php?id=2306
Patch
https://www.mediawiki.org/wiki/Extension:DiscussionTools
Share on: