Vulnerabilities > Loadedcommerce
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-01-03 | CVE-2014-5140 | SQL Injection vulnerability in Loadedcommerce Loaded7 The bindReplace function in the query factory in includes/classes/database.php in Loaded Commerce 7 does not properly handle : (colon) characters, which allows remote authenticated users to conduct SQL injection attacks via the First name and Last name fields in the address book. | 8.8 |