vendor:
Mosaic Commerce
by:
Ali Abbasi
7.5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: Mosaic Commerce
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008
Mosaic Commerce SQL Injection Vulnerability
An SQL injection vulnerability exists in Mosaic Commerce, which allows an attacker to gain access to the admin username and password hash. This is done by sending a maliciously crafted HTTP request to the category.php page, with the cid parameter set to a malicious SQL statement.
Mitigation:
Input validation should be used to prevent SQL injection attacks.