CVE-2014-2008 Information

Description

SQL injection vulnerability in confirm.php in the mPAY24 payment module before 1.6 for PrestaShop allows remote attackers to execute arbitrary SQL commands via the TID parameter.

Reference

http://osvdb.org/show/osvdb/110737 http://packetstormsecurity.com/files/128136/Mpay24-Payment-Module-1.5-Information-Disclosure-SQL-Injection.html http://seclists.org/fulldisclosure/2014/Sep/23 http://www.exploit-db.com/exploits/34586 http://www.securityfocus.com/bid/69560 https://exchange.xforce.ibmcloud.com/vulnerabilities/95720