BugTraq
prestashop vuln: sql injection submitted to bugtraq (at) securityfocus (dot) com Feb 25 2011 06:44AM
Antonio S.M (antonio_s_martino yahoo es)
Hello,
I am Antonio San Martino. I am writing to you to include these SQL injection
vulnerabilities in your database. The vulnerable version is PrestaShop 1.3.3, and
it is vulnerable to SQL injection.

Vulnerable software and vendor: PrestaShop, version: 1.3.3 - 0.246s

SQL Injection Vulnerabilities

Vulnerable File    Vulnerable Field
category.php       id_category
cart.php           id_product
product.php        id_product

Vulnerability details: just inject ' and you get an SQL error

Thanks so much.
Kind Regards
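
Added example, not part of the original post and not PrestaShop code: a log check that flags requests to the three files listed above whose id_category or id_product value is not purely numeric. The combined access-log format, the function name and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# File/field pairs taken from the advisory above.
NUMERIC_FIELDS = {
    "category.php": ("id_category",),
    "cart.php": ("id_product",),
    "product.php": ("id_product",),
}

# Request part of a combined-format access log line (assumed log format).
# Only the query string is visible here; POST bodies are not logged.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def non_numeric_ids(log_line):
    """Return [(file, field, value)] for listed fields whose value is not all digits."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return []
    url = urlsplit(match.group(1))
    script = url.path.rsplit("/", 1)[-1]
    # parse_qs percent-decodes values, so %27 is compared as a quote character.
    params = parse_qs(url.query, keep_blank_values=True)
    findings = []
    for field in NUMERIC_FIELDS.get(script, ()):
        for value in params.get(field, []):
            if not re.fullmatch(r"[0-9]+", value):
                findings.append((script, field, value))
    return findings


# Constructed sample lines (documentation IP range), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [25/Feb/2011:06:40:01 +0000] "GET /category.php?id_category=3 HTTP/1.1" 200 5120',
    '192.0.2.11 - - [25/Feb/2011:06:41:12 +0000] "GET /product.php?id_product=7%27 HTTP/1.1" 500 312',
    '192.0.2.11 - - [25/Feb/2011:06:41:15 +0000] "GET /cart.php?add&id_product=%27 HTTP/1.1" 500 312',
    '192.0.2.12 - - [25/Feb/2011:06:42:30 +0000] "GET /index.php?id_product=%27 HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        for finding in non_numeric_ids(line):
            print(finding)
```

An empty value for one of the listed fields is also reported, since it is not a valid numeric id.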
