Vendor: eCommerce Enterprise Edition
By: Unknown
CVSS: 7.5 (HIGH)
CWE: 89 (SQL Injection)
Product Name: eCommerce Enterprise Edition
Affected Version From: eCommerce Enterprise Edition 2.1 and prior, eCommerce Home Edition
Affected Version To: Unknown
Patch Exists: Unknown
Platforms Tested: Unknown

SQL Injection Vulnerabilities in eCommerce Enterprise Edition

eCommerce Enterprise Edition is prone to multiple SQL injection vulnerabilities. These vulnerabilities could permit remote attackers to pass malicious input to database queries, resulting in modification of query logic or other attacks.

Mitigation:

To mitigate these vulnerabilities, it is recommended to properly sanitize user input and use prepared statements or parameterized queries to prevent SQL injection attacks. Regular security testing and code reviews should also be conducted to identify and fix any potential vulnerabilities.
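
A hardened handler for the two request parameters listed in this advisory, as an added example (not code from the product or from the advisory). The table and column names, the in-memory SQLite database, and the assumption that `grp` and `cat` are positive integer identifiers are all constructed for illustration.

```php
<?php
declare(strict_types=1);

// Constructed in-memory database standing in for the shop's catalogue.
// Table and column names are assumptions; the page does not show the schema.
function demo_db(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE products (id INTEGER PRIMARY KEY, grp_id INTEGER, cat_id INTEGER, name TEXT)');
    $pdo->exec("INSERT INTO products (grp_id, cat_id, name) VALUES (1, 10, 'Widget'), (2, 20, 'Gadget')");
    return $pdo;
}

// Map each action from the advisory's URLs to the parameter it reads and the
// fixed column it filters on. Column names never come from the request.
const ACTIONS = [
    'ViewGroups'     => ['param' => 'grp', 'column' => 'grp_id'],
    'ViewCategories' => ['param' => 'cat', 'column' => 'cat_id'],
];

function handle_request(PDO $pdo, array $query): array
{
    $action = $query['action'] ?? '';
    if (!is_string($action) || !array_key_exists($action, ACTIONS)) {
        throw new InvalidArgumentException('unknown action');
    }
    ['param' => $param, 'column' => $column] = ACTIONS[$action];

    // Assumption: grp and cat are positive integer identifiers.
    $id = filter_var($query[$param] ?? null, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        throw new InvalidArgumentException("invalid $param");
    }

    // $column comes from the allow-list above; the request value is only ever bound.
    $stmt = $pdo->prepare("SELECT id, name FROM products WHERE $column = :id");
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$pdo = demo_db();
print_r(handle_request($pdo, ['action' => 'ViewGroups', 'grp' => '1']));
try {
    handle_request($pdo, ['action' => 'ViewCategories', 'cat' => '[SQL]']);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```

The type check rejects non-integer input before the database is touched, and the bound parameter keeps any accepted value out of the SQL text, so either control alone still holds if the other is bypassed.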
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/15707/info
 
eCommerce Enterprise Edition is prone to multiple SQL injection vulnerabilities.
 
These vulnerabilities could permit remote attackers to pass malicious input to database queries, resulting in modification of query logic or other attacks.
 
eCommerce Enterprise Edition 2.1 and prior and eCommerce Home Edition are vulnerable to these issues. 

http://www.example.com/index.php?action=ViewGroups&grp=[SQL]
http://www.example.com/index.php?action=ViewCategories&cat=[SQL]