ol-commerce Multiple SQL Injection and Multiple Cross Site Scripting Vulnerabilities

Attackers can use a browser to exploit the SQL-injection issues. An attacker must trick a victim into following a malicious URI to exploit a cross-site scripting issue.

The following example proof of concept is available:


 

Privacy Statement
Copyright 2010, SecurityFocus