header-logo
Suggest Exploit
vendor:
Stride 1.0 Merchant
by:
Unknown
7.5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: Stride 1.0 Merchant
Affected Version From: Stride 1.0 Merchant
Affected Version To: Stride 1.0 Merchant
Patch Exists: NO
Related CWE: Not available
CPE: Not available
Metasploit:
Other Scripts:
Platforms Tested: Unknown
Unknown

SQL Injection in Scott Manktelow Design Stride 1.0 Merchant

The Scott Manktelow Design Stride 1.0 Merchant application is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Mitigation:

To mitigate this vulnerability, it is recommended to sanitize user-supplied input before using it in SQL queries, or use prepared statements or parameterized queries to prevent SQL injection attacks.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/26046/info

Scott Manktelow Design Stride 1.0 Merchant is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

http://www.example.com/shop.php?cmd=sto&id=[SQL]

Navigation

Suggest Exploit

Services By CQR