SECUNIA ADVISORY ID: SA22955
VERIFY ADVISORY: http://secunia.com/advisories/22955/
CRITICAL: Moderately critical
IMPACT: Manipulation of data
SOFTWARE: Enthrallweb eShopping Cart - http://secunia.com/product/12651/
DESCRIPTION: Laurent Gaffié and Benjamin Mossé have reported some vulnerabilities in Enthrallweb eShopping Cart, which can be exploited by malicious people to conduct SQL injection attacks. Input passed to the "ProductID" parameter in reviews.asp and productdetail.asp, and to the "cat_id" and "sub_id" parameters in subProducts.asp, is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
SOLUTION: Edit the source code to ensure that input is properly sanitised.
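The advisory's solution is stated only in general terms. The following is an added example, not code from Secunia, the reporters or Enthrallweb, showing the defect pattern it describes next to the two fixes a reviewer would ask for: validating that a numeric key parameter is actually an integer, and binding it as a query parameter instead of splicing it into the SQL text. The table names, column names and sample rows are constructed for the example; the real product schema is not on the page. Python's sqlite3 stands in for the ASP/ADO database layer.

```python
import sqlite3

# Constructed stand-in for the shop database (assumed schema, not the product's own).
def build_catalog():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE products (ProductID INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO products VALUES (?, ?)",
                     [(1, "Widget"), (2, "Gadget"), (3, "Gizmo")])
    conn.execute("CREATE TABLE subproducts (cat_id INTEGER, sub_id INTEGER, name TEXT)")
    conn.executemany("INSERT INTO subproducts VALUES (?, ?, ?)",
                     [(1, 10, "Widget Mini"), (1, 11, "Widget Max"), (2, 20, "Gadget Pro")])
    return conn

def product_detail_vulnerable(conn, product_id):
    # The pattern the advisory describes: the request parameter is concatenated into the
    # SQL string, so anything other than a plain number changes the query's meaning.
    sql = "SELECT ProductID, name FROM products WHERE ProductID = " + product_id
    return conn.execute(sql).fetchall()

def require_int(value, name):
    # Fix 1: validate the shape. These are numeric keys, so only a string of digits is
    # acceptable; anything else is rejected before any SQL is built.
    if not isinstance(value, str) or not value.isdigit():
        raise ValueError(f"{name} must be a non-negative integer")
    return int(value)

def product_detail_hardened(conn, product_id):
    pid = require_int(product_id, "ProductID")
    # Fix 2: bind the value as a parameter. The database engine receives it as data,
    # never as part of the SQL text, so it cannot alter the WHERE clause.
    sql = "SELECT ProductID, name FROM products WHERE ProductID = ?"
    return conn.execute(sql, (pid,)).fetchall()

def sub_products_hardened(conn, cat_id, sub_id):
    # Same two fixes applied to the two-parameter lookup in subProducts.asp.
    cid = require_int(cat_id, "cat_id")
    sid = require_int(sub_id, "sub_id")
    sql = "SELECT cat_id, sub_id, name FROM subproducts WHERE cat_id = ? AND sub_id = ?"
    return conn.execute(sql, (cid, sid)).fetchall()

if __name__ == "__main__":
    db = build_catalog()
    print(product_detail_vulnerable(db, "2"))   # one row, as intended
    # The textbook tautology input turns the concatenated query into "... WHERE ProductID = 2 OR 1=1",
    # which returns every product; this is the manipulation the advisory refers to.
    print(product_detail_vulnerable(db, "2 OR 1=1"))
    print(product_detail_hardened(db, "2"))     # one row
    try:
        product_detail_hardened(db, "2 OR 1=1")
    except ValueError as e:
        print("rejected:", e)
    print(sub_products_hardened(db, "1", "11"))
```

In classic ASP the same binding is done with an ADODB.Command object and CreateParameter rather than building the SQL string with Request.QueryString values; the validation step is unchanged. Either fix on its own closes the reported issue, but the two together also give a clear, loggable rejection for malformed requests.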
PROVIDED AND/OR DISCOVERED BY: Laurent Gaffié and Benjamin Mossé
Enthrallweb eShopping Cart Multiple SQL Injection
Posted on Friday, November 17, 2006 @ 09:31:43 CST in Security