Multiple SQL Injection Vulnerabilities in APT-webshop

vendor:

APT-webshop

by:

Unknown

7.5

CVSS

HIGH

SQL Injection

CWE

Product Name: APT-webshop

Affected Version From: APT-webshop 3.0 light, 3.0 basic, and 4.0 pro

Affected Version To: Unknown

Patch Exists: NO

Related CWE:

CPE:

Metasploit:

Other Scripts:

Platforms Tested: Unknown

Unknown

Multiple SQL Injection Vulnerabilities in APT-webshop

APT-webshop is prone to multiple SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.

Mitigation:

To mitigate these vulnerabilities, it is recommended to implement proper input validation and sanitization techniques to prevent SQL injection attacks. Additionally, keeping the application and underlying database software up to date with the latest patches and security fixes is advised.

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/17425/info

APT-webshop is prone to multiple SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. 

A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.

APT-webshop 3.0 light, 3.0 basic, and 4.0 pro are reported prone to these issues. Other versions may be vulnerable as well.

http://www.example.com/modules.php?warp=artikel&group=[SQL]
http://www.example.com/modules.php?warp=artikel&group=&seite=[SQL]
http://www.example.com/modules.php?warp=artikel&group=&seite=&id=[SQL]