vendor:
Efestech Shop
by:
Dr.Kacak
7.5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: Efestech Shop
Affected Version From: 2
Affected Version To: 2
Patch Exists: NO
Related CWE: N/A
CPE: a:efestech:efestech_shop:2.0
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008
Efestech Shop v2.0 Sql Injection Vuln
Efestech Shop v2.0 is vulnerable to SQL injection. An attacker can exploit this vulnerability to gain access to sensitive information stored in the database. The vulnerable parameter is 'cat_id' which is located in the URL. An attacker can inject malicious SQL code into the parameter to gain access to the database. The vulnerable tables are 'ayarlar', 'cat_eng', 'cat_tr', 'eng', 'lisans', 'mark_eng', 'mark_tr', 'product', 'subcat_eng', 'subcat_tr', 'tr', and 'urun_resim'.
Mitigation:
Input validation should be used to prevent SQL injection attacks. All user-supplied input should be validated and filtered before being used in SQL queries.
