10 lines
No EOL
696 B
Text
10 lines
No EOL
696 B
Text
source: https://www.securityfocus.com/bid/38129/info
|
|
|
|
Huski Retail is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
|
|
|
|
Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
|
|
|
|
http://www.example.com/?_action=editProducts&categoryID=[SQLI]
|
|
http://www.example.com/?_action=showProducts&categoryID=[SQLI]&id=shop
|
|
http://www.example.com/?_action=showProductDetails&productID=[SQLI]&categoryID=1310&id=shop
|
|
http://www.example.com/?_action=showProductDetails&productID=22095&categoryID=[SQLI]&id=shop |