CVE-2014-10034 Information

Description

Multiple SQL injection vulnerabilities in the admin area in couponPHP before 1.2.0 allow remote administrators to execute arbitrary SQL commands via the (1) iDisplayLength or (2) iDisplayStart parameter to (a) comments_paginate.php or (b) stores_paginate.php in admin/ajax/.

Reference

http://couponphp.com/changelog
http://osvdb.org/show/osvdb/103895
http://osvdb.org/show/osvdb/103896
http://packetstormsecurity.com/files/125480
http://www.exploit-db.com/exploits/32037
http://www.zeroscience.mk/en/vulnerabilities/ZSL-2014-5170.php
https://exchange.xforce.ibmcloud.com/vulnerabilities/91550
