vendor: Pre Multi-Vendor Shopping Malls
by: CoBRa_21
CVSS: 5.5 (MEDIUM)
Type: SQL Injection
CWE: 89
Product Name: Pre Multi-Vendor Shopping Malls
Affected Version From:
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:

Pre Multi-Vendor Shopping Malls SQL Injection Vulnerability (products.php?sid)

This vulnerability allows an attacker to inject malicious SQL queries into the 'sid' parameter of the 'products.php' page, potentially leading to unauthorized access or manipulation of the database.

Mitigation:

To mitigate this vulnerability, ensure that all user input is properly validated and sanitized before being used in SQL queries. Implementing parameterized queries or prepared statements can help prevent SQL injection attacks.
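
The mitigation above applied to a numeric `sid` parameter, as an added example that is not the product's own code. The `products` table, its columns, the function names and the in-memory SQLite database are assumptions, since the application's real schema is not shown on this page.

```php
<?php
declare(strict_types=1);

// Hypothetical schema and constructed rows; stands in for the shop database.
function demo_db(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE products (id INTEGER PRIMARY KEY, sid INTEGER, name TEXT)');
    $db->exec("INSERT INTO products (sid, name) VALUES (1, 'lamp'), (1, 'desk'), (2, 'chair')");
    return $db;
}

// Returns product names for one sid, or null when sid is not a positive integer.
function products_for_sid(PDO $db, $rawSid): ?array {
    // Step 1: strict validation. Anything that is not a plain positive
    // integer is refused before a query is built.
    $sid = filter_var($rawSid, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($sid === false) {
        return null; // caller should answer 400 and log the rejected value
    }
    // Step 2: the value travels as a bound parameter, never as SQL text.
    $stmt = $db->prepare('SELECT name FROM products WHERE sid = :sid ORDER BY id');
    $stmt->bindValue(':sid', $sid, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

$db = demo_db();
// Constructed inputs standing in for $_GET['sid']: two valid ids, then
// malformed values that must be rejected rather than reach the database.
foreach (['1', '2', '1 abc', "1'", '', '-5'] as $input) {
    $rows = products_for_sid($db, $input);
    printf("%-8s => %s\n", var_export($input, true),
        $rows === null ? 'rejected' : implode(', ', $rows));
}
```

Validation and binding are both kept on purpose: the bound parameter is what prevents injection, while the integer check gives a clean rejection point that can be logged and alerted on.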

Exploit-DB raw data:

##################################################################################################

Pre Multi-Vendor Shopping Malls SQL Injection Vulnerability (products.php?sid)

##################################################################################################

Author : CoBRa_21

Script Home : http://preproject.com/products.asp

Dork : Powered by: PreProjects

##################################################################################################

Sql Injection:

http://localhost/[path]/products.php?sid=1 (SQL)

##################################################################################################