header-logo
Suggest Exploit
vendor:
PaulShop CMS
by:
Se0pHpHack3r
7,5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: PaulShop CMS
Affected Version From: 2017-03-25
Affected Version To: 2017-03-25
Patch Exists: Yes
Related CWE: N/A
CPE: 2.3:a:codecanyon:paulshop_cms:2017-03-25
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows
2017

PaulShop CMS <= 2017-03-25 Sql Injection

SQL Injection on Shipping Cost page in Cart, with 'country' & 'weight' parameter (GET)

Mitigation:

Sanitize user input and use prepared statements.
Source

Exploit-DB raw data:

# Exploit Title: [PaulShop CMS <= 2017-03-25 Sql Injection]
# Date: [10-06-2017]
# Exploit Author: [Se0pHpHack3r]
# Vendor Homepage: [https://codecanyon.net/item/paulshop-cms-with-shopping-cart-system/18070714]
# Version: [2017-03-25] 

1. Description

SQL Injection on Shipping Cost page in Cart, with "country" & "weight" parameter (GET)

2. Examples

http://localhost/shop/en/cart/shipping_cost?country=[SQL INJECTION HERE]
http://localhost/shop/en/cart/shipping_cost?country=TH&weight=[SQL INJECTION HERE]

Navigation

Suggest Exploit

Services By CQR