Vendor: GhostScripter Amazon Shop
By: Not specified
CVSS: 7.5 (HIGH)
CWE: 89 (SQL Injection)
Product Name: GhostScripter Amazon Shop
Affected Version From: 5.0.0
Affected Version To: 5.0.0
Patch Exists: NO
Related CWE: Not specified
CPE: Not specified
Metasploit:
Other Scripts:
Platforms Tested: Not specified

GhostScripter Amazon Shop SQL Injection Vulnerability

GhostScripter Amazon Shop is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.

Mitigation:

It is recommended to sanitize user input before using it in SQL queries to prevent SQL injection attacks.

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/15634/info

GhostScripter Amazon Shop is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query.

A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.

GhostScripter Amazon Shop 5.0.0 and prior versions are vulnerable; other versions may also be affected. 


http://www.example.com/search.php?query=%3Cscript%3Ealert%28%27r0t%27%29%3C%2Fscript%3E&mode=all&imageField.x=21&imageField.y=4
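
Once URL-decoded, the `query` value in the sample request above contains single quotes, which is enough to show whether input reaches the SQL parser. The Python sketch below is an added example, not code from GhostScripter or from the advisory: it runs that value through a string-concatenated query and through a bound-parameter query. The table, its rows, the `ALLOWED_MODES` map and the function names are assumptions, and SQLite stands in for the shop's database.

```python
import sqlite3
from urllib.parse import urlsplit, parse_qs

# Sample request copied from the advisory; everything else is constructed.
SAMPLE_URL = ("http://www.example.com/search.php?query=%3Cscript%3Ealert"
              "%28%27r0t%27%29%3C%2Fscript%3E&mode=all"
              "&imageField.x=21&imageField.y=4")

# Hypothetical search modes, each mapped to a fixed WHERE clause.
ALLOWED_MODES = {"all": "title LIKE ? OR author LIKE ?",
                 "title": "title LIKE ?"}


def make_db():
    """Constructed in-memory table standing in for the shop's catalogue."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE products (title TEXT, author TEXT)")
    db.executemany("INSERT INTO products VALUES (?, ?)",
                   [("Learning SQL", "O'Neil"), ("PHP Basics", "Smith")])
    return db


def request_params(url):
    """URL-decode the query string into single-valued parameters."""
    return {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}


def search_concatenated(db, term):
    """Weak form: the input becomes part of the SQL text itself."""
    sql = "SELECT title FROM products WHERE title LIKE '%" + term + "%'"
    return [row[0] for row in db.execute(sql)]


def search_bound(db, term, mode):
    """Hardened form: allow-listed mode, term passed as a bound parameter."""
    if mode not in ALLOWED_MODES:
        raise ValueError("unsupported mode: %r" % mode)
    where = ALLOWED_MODES[mode]
    sql = "SELECT title FROM products WHERE " + where
    return [row[0] for row in db.execute(sql, ["%" + term + "%"] * where.count("?"))]


if __name__ == "__main__":
    db, p = make_db(), request_params(SAMPLE_URL)
    print("bound:", search_bound(db, p["query"], p["mode"]))
    try:
        search_concatenated(db, p["query"])
    except sqlite3.OperationalError as exc:
        print("concatenated:", exc)  # the quotes in the input broke the statement
```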