Vendor: Trading Marketplace Script
By: Unknown
CVSS: 7.5 (HIGH)
CWE: 89 (SQL Injection)
Product Name: Trading Marketplace Script
Affected Version From: Unknown
Affected Version To: Unknown
Patch Exists: NO
Related CWE:
CPE:
Platforms Tested: Unknown
Unknown
SQL Injection in Trading Marketplace Script
The Trading Marketplace script is vulnerable to SQL injection due to insufficient input sanitization. An attacker can exploit this vulnerability by injecting malicious SQL code into the 'cid' parameter of the 'selloffers.php' page.
Mitigation:
To mitigate this vulnerability, it is recommended to implement proper input validation and sanitization techniques. Using prepared statements or parameterized queries can also help prevent SQL injection attacks.
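The two mitigations above applied to a `cid` request parameter, as an added example that is not the product's own code. The `offers` table, its columns and all function names are hypothetical, and an in-memory SQLite database (via PDO) stands in for the script's real database so the block runs offline.

```php
<?php
declare(strict_types=1);

// Constructed stand-in for the script's database: an in-memory SQLite DB
// with a hypothetical `offers` table keyed by category id.
function demo_db(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE offers (id INTEGER PRIMARY KEY, cid INTEGER, title TEXT)');
    $pdo->exec("INSERT INTO offers (cid, title) VALUES
        (1, 'Steel pipes'), (1, 'Copper wire'), (2, 'Cotton yarn')");
    return $pdo;
}

// Layer 1, input validation: cid must be a positive integer, nothing else.
function parse_cid($raw): ?int
{
    $cid = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $cid === false ? null : $cid;
}

// Layer 2, parameterized query: the value is bound, never spliced into SQL text.
function offers_for_category(PDO $pdo, int $cid): array
{
    $stmt = $pdo->prepare('SELECT id, title FROM offers WHERE cid = :cid ORDER BY id');
    $stmt->bindValue(':cid', $cid, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Request handler: reject malformed input with a 400 instead of querying.
function handle_request(PDO $pdo, array $query): array
{
    $cid = parse_cid($query['cid'] ?? null);
    if ($cid === null) {
        return ['status' => 400, 'offers' => []];
    }
    return ['status' => 200, 'offers' => offers_for_category($pdo, $cid)];
}

$pdo = demo_db();
// Constructed inputs: one well-formed id, then two malformed values.
foreach (['1', '1 OR 1=1', ''] as $raw) {
    $res = handle_request($pdo, ['cid' => $raw]);
    printf("cid=%-12s status=%d rows=%d\n",
        var_export($raw, true), $res['status'], count($res['offers']));
}
```

Validation alone is not the fix: the bound parameter is what keeps the value out of the SQL text, and the integer check only rejects malformed requests early.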