All Enthusiast ReviewPost PHP Pro Multiple Input Validation Vulnerabilities

An exploit is not required.

The following proof of concept examples are available:
http://path/showcat.php?si=[XSS]
http://path/showproduct.php?product=[INT]&sort=[INT]&cat=[INT][XSS]
http://path/showproduct.php?product=[INT]&sort=[INT]&cat=[INT]&page=[INT][XSS]
http://path/reportproduct.php?report=[INT][XSS]

http://path/showcat.php?cat=[INT][SQL]
http://path/addfav.php?product=[INT][SQL]&do=add

([INT] represents a valid integer number, [SQL] represents valid SQL syntax, and [XSS] represents the cross-site scripting attack data)
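For defenders reviewing web server logs, the check below flags requests to the scripts listed above in which a parameter marked [INT] carries anything other than digits. It is an added example, not code from the advisory or from ReviewPost; the log format, the sample lines, and the handling of `si` as free text are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Parameters the proof-of-concept URLs mark as [INT], keyed by script name.
INT_PARAMS = {
    "showcat.php": {"cat"},
    "showproduct.php": {"product", "sort", "cat", "page"},
    "reportproduct.php": {"report"},
    "addfav.php": {"product"},
}
# 'si' is not marked [INT]; flagging markup characters in it is an assumption.
TEXT_PARAMS = {"showcat.php": {"si"}}
MARKUP_CHARS = set("<>\"'")
# Assumed combined-log-style request field: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def check_request(target):
    """Return [(param, reason), ...] for one request target (path?query)."""
    parts = urlsplit(target)
    script = parts.path.rsplit("/", 1)[-1].lower()
    findings = []
    # parse_qsl percent-decodes values, so encoded payloads are checked too.
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name in INT_PARAMS.get(script, ()):
            # Assumes IDs are non-negative ASCII integers; "-1" is flagged.
            if not (value.isascii() and value.isdigit()):
                findings.append((name, "non-integer value"))
        elif name in TEXT_PARAMS.get(script, ()):
            if MARKUP_CHARS & set(value):
                findings.append((name, "markup characters"))
    return findings

def scan_log(lines):
    """Return [(line_number, target, findings)] for lines that have findings."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = REQUEST_RE.search(line)
        if m and (found := check_request(m.group(1))):
            hits.append((n, m.group(1), found))
    return hits

# Constructed sample access-log lines (not taken from the advisory).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2010:10:00:00 +0000] "GET /reviews/showcat.php?cat=12 HTTP/1.1" 200 5120',
    '192.0.2.11 - - [01/Jan/2010:10:00:05 +0000] "GET /reviews/showcat.php?cat=12%27 HTTP/1.1" 200 310',
    '192.0.2.11 - - [01/Jan/2010:10:00:09 +0000] "GET /reviews/showproduct.php?product=4&sort=1&cat=2%3Cb%3E HTTP/1.1" 200 4800',
    '192.0.2.12 - - [01/Jan/2010:10:01:00 +0000] "GET /reviews/showcat.php?si=blue+widgets HTTP/1.1" 200 2900',
    '192.0.2.13 - - [01/Jan/2010:10:01:30 +0000] "GET /reviews/addfav.php?product=7x&do=add HTTP/1.1" 200 120',
]

if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(hit)
```

The same integer-only rule, applied server-side before the value reaches a query or the page output, is the corresponding fix for the parameters marked [INT].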


 

Copyright 2010, SecurityFocus