- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 23770
- Проверка EDB
-
- Пройдено
- Автор
- DAVID SOPAS FERREIRA
- Тип уязвимости
- WEBAPPS
- Платформа
- PHP
- CVE
- N/A
- Дата публикации
- 2004-03-01
Код:
source: https://www.securityfocus.com/bid/9771/info
It has been reported that iGeneric Free Shopping Cart is prone to an SQL injection vulnerability. This issue is due to a failure of the application to properly sanitize user supplied URI parameters
As a result of this issue a malicious user may influence database queries in order to view or modify sensitive information, potentially compromising the software or the database. It has been conjectured that an attacker may be able to disclose user password hashes by exploiting this issue. This issue may also be leveraged to exploit latent vulnerabilities within the database itself.
page.php?page_type=catalog_products&type_id[]='[SQL-Injection]&SESSION_ID={SESSION_ID}&SESSION_ID=- Источник
- www.exploit-db.com
