Vendor: Trading Marketplace Script
By: Unknown
CVSS: 7.5 (HIGH)
CWE: 89 (SQL Injection)
Product Name: Trading Marketplace Script
Affected Version From: Unknown
Affected Version To: Unknown
Patch Exists: NO
Platforms Tested: Unknown

SQL Injection in Trading Marketplace Script

The Trading Marketplace script is vulnerable to SQL injection due to insufficient input sanitization. An attacker can exploit this vulnerability by injecting malicious SQL code into the 'cid' parameter of the 'selloffers.php' page.

Mitigation:

To mitigate this vulnerability, it is recommended to implement proper input validation and sanitization techniques. Using prepared statements or parameterized queries can also help prevent SQL injection attacks.
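
The mitigation above, as an added example that is not code from the Trading Marketplace script: the 'cid' value is validated as a positive integer and then bound to a prepared statement. The table and column names (offers, category_id, title), the function names, and the in-memory SQLite database with its sample rows are assumptions made for illustration.

```php
<?php
// Added example: hardened lookup for the 'cid' parameter of selloffers.php.
// Table/column names (offers, category_id, title) are assumptions, not the script's schema.

function parse_cid($raw): ?int
{
    // Accept only a positive decimal integer; anything else yields null.
    $cid = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $cid === false ? null : $cid;
}

function offers_for_category(PDO $db, $rawCid): array
{
    $cid = parse_cid($rawCid);
    if ($cid === null) {
        return [];  // reject instead of passing free text on to the database
    }
    // The value is bound as an integer parameter and never concatenated into the SQL text.
    $stmt = $db->prepare('SELECT title FROM offers WHERE category_id = :cid ORDER BY title');
    $stmt->bindValue(':cid', $cid, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed sample data in an in-memory SQLite database so the script runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE offers (id INTEGER PRIMARY KEY, category_id INTEGER, title TEXT)');
$db->exec("INSERT INTO offers (category_id, title) VALUES
           (1, 'Copper wire'), (1, 'Steel pipe'), (2, 'Cotton yarn')");

// Constructed inputs: two valid ids and several values that are not plain positive integers.
foreach (['1', '2', '1 OR 1=1', "1'", '', '-5'] as $input) {
    $rows = offers_for_category($db, $input);
    printf("cid=%-12s -> %d row(s) %s\n",
        var_export($input, true), count($rows), implode(', ', $rows));
}
```

Only the inputs '1' and '2' return rows; every other value is rejected by validation before a query is issued, and even a value that passed validation would reach the database as a bound integer rather than as SQL text.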
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/48914/info

Trading Marketplace script is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query.

A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database. 

http://www.example.com/selloffers.php?cid=[SQL]