Vendor: ProductCart
By: SecurityFocus
CVSS: 7.5 (HIGH)
CWE: 89 (SQL Injection)
Product Name: ProductCart
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: N/A
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2003

ProductCart SQL Injection Vulnerability

ProductCart is vulnerable to an SQL injection attack that can be used to bypass the authentication system and access the ProductCart administration panel. This is achieved by appending an SQL statement to the 'idadmin' parameter in the URL.

Mitigation:

Input validation should be used to prevent malicious SQL statements from being passed to the application.
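The following is an added example, not code from ProductCart or from the advisory: it contrasts a login check that concatenates `idadmin` into the SQL text with one that validates the value and binds it as a parameter. The table, column names and query are assumptions made for illustration (the advisory does not show ProductCart's query), and SQLite stands in for the application's database.

```python
import sqlite3

# Constructed stand-in for an admin table; ProductCart's real schema and
# query are not shown in the advisory, so these names are assumptions.
# The password is stored in plaintext only to keep the example short.
def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE admins (idadmin INTEGER PRIMARY KEY, adminpassword TEXT)")
    db.execute("INSERT INTO admins VALUES (1, 'correct horse')")
    return db

def login_vulnerable(db, idadmin, password):
    # Request values are concatenated into the SQL text, so the value of
    # idadmin can change the structure of the WHERE clause.
    sql = ("SELECT idadmin FROM admins WHERE idadmin=" + idadmin +
           " AND adminpassword='" + password + "'")
    return db.execute(sql).fetchone() is not None

def login_hardened(db, idadmin, password):
    # Input validation: idadmin must be a short, plain decimal number.
    if not (idadmin.isascii() and idadmin.isdigit()) or len(idadmin) > 9:
        return False
    # Bound parameters: the values are passed as data, never parsed as SQL.
    row = db.execute(
        "SELECT idadmin FROM admins WHERE idadmin=? AND adminpassword=?",
        (int(idadmin), password)).fetchone()
    return row is not None

REPORTED_VALUE = "'' or 1=1--"  # the idadmin value from the advisory URL

if __name__ == "__main__":
    db = make_db()
    for name, fn in (("vulnerable", login_vulnerable), ("hardened", login_hardened)):
        print(name, "valid login:", fn(db, "1", "correct horse"))
        print(name, "wrong password:", fn(db, "1", "wrong"))
        print(name, "reported idadmin value:", fn(db, REPORTED_VALUE, "wrong"))
```

Validation rejects the malformed identifier early, while the bound parameters are what keep any value that does pass validation from being interpreted as SQL.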
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/8105/info

ProductCart has been reported prone to an SQL injection vulnerability that may be exploited to bypass the ProductCart authentication system and access the ProductCart administration panel; other attacks may also be possible.

http://www.example.com/produccart/pdacmin/login.asp?idadmin='' or 1=1--