Vendor: eCommerce Enterprise Edition
By: Unknown
CVSS: 7.5 (HIGH)
CWE: 89 (SQL Injection)
Product Name: eCommerce Enterprise Edition
Affected Version From: 2.1 and prior
Affected Version To: 2.1
Patch Exists: NO
Related CWE: Unknown
CPE: ecommerce_enterprise_edition
Metasploit:
Other Scripts:
Platforms Tested: Unknown

SQL Injection in eCommerce Enterprise Edition

eCommerce Enterprise Edition is prone to multiple SQL injection vulnerabilities. These vulnerabilities could permit remote attackers to pass malicious input to database queries, resulting in modification of query logic or other attacks.

Mitigation:

To mitigate this vulnerability, it is recommended to sanitize user input and use prepared statements or parameterized queries to prevent SQL injection attacks.
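
The mitigation above applied to the prod parameter from the proof-of-concept URL, as an added example that is not the vendor's code. The table, column and function names are hypothetical, and an in-memory SQLite database (PDO with the pdo_sqlite extension) stands in for the shop database, whose schema the page does not show.

```php
<?php
declare(strict_types=1);

// Constructed stand-in for the shop database (hypothetical schema).
function demo_db(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT, hidden INTEGER)');
    $pdo->exec("INSERT INTO products VALUES (1, 'Visible item', 0), (2, 'Unlisted item', 1)");
    return $pdo;
}

// Vulnerable pattern: the raw prod value becomes part of the SQL text,
// so the input can change the logic of the WHERE clause.
function view_product_unsafe(PDO $pdo, string $prod): array
{
    $sql = "SELECT id, name FROM products WHERE hidden = 0 AND id = $prod";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened: validate prod as a positive integer, then bind it as a parameter.
// The SQL text is fixed; the value only ever travels as data.
function view_product_safe(PDO $pdo, string $prod): array
{
    $id = filter_var($prod, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return []; // reject anything that is not a plain positive integer
    }
    $stmt = $pdo->prepare('SELECT id, name FROM products WHERE hidden = 0 AND id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$pdo = demo_db();
// Constructed inputs: a normal product id and a value that rewrites query logic.
foreach (['1', '1 OR 1=1'] as $prod) {
    printf(
        "prod=%-10s unsafe rows: %d  safe rows: %d\n",
        $prod,
        count(view_product_unsafe($pdo, $prod)),
        count(view_product_safe($pdo, $prod))
    );
}
```

With the second input the concatenated query also returns the row marked hidden, while the validated and bound version returns nothing.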

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/15707/info

eCommerce Enterprise Edition is prone to multiple SQL injection vulnerabilities.

These vulnerabilities could permit remote attackers to pass malicious input to database queries, resulting in modification of query logic or other attacks.

eCommerce Enterprise Edition 2.1 and prior and eCommerce Home Edition are vulnerable to these issues. 

http://www.example.com/view.php?prod=[SQL]