11 lines
No EOL
667 B
Text
Executable file
11 lines
No EOL
667 B
Text
Executable file
source: http://www.securityfocus.com/bid/38605/info
|
|
|
|
OpenCart is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
|
|
|
|
Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
|
|
|
|
OpenCart 1.3.2 is vulnerable; other versions may also be affected.
|
|
|
|
http://www.example.com/index.php?route=product%2Fspecial&path=20&page='
|
|
http://www.example.com/index.php?route=product%2Fspecial&path=20&page=\'
|
|
http://www.example.com/index.php?route=product%2Fcategory&path=20&page=andres'" |