Secunia
Login
|
|
|
|
|
|
|
|
|
MultiShop CMS SQL Injection Vulnerabilities
Release Date: 2010-05-27 Last Update: 2010-06-07 Views: 2,417
Secunia Advisory SA39958
Where:
From remote
Impact:
Manipulation of data,
Solution Status:
Unpatched
CVE Reference(s):
Description
Some vulnerabilities have been reported in the Multishop CMS, which can be exploited by malicious people to conduct SQL injection attacks.
1) Input passed via the "id" parameter to pages.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
2) Input passed via the "itemid" parameter to itemdetail.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
Solution:
Filter malicious characters and character sequences using a proxy.
Provided and/or discovered by:
1) Newbie_Campuz
2) CoBRa_21
Deep Links:
Links available to Secunia VIM customers
Do you have additional information related to this advisory?
Please provide information about patches, mitigating factors, new versions, exploits, faulty patches, links, and other relevant data by posting comments to this Advisory. You can also send this information to vuln@secunia.com
Subject: MultiShop CMS SQL Injection Vulnerabilities
|
No posts yet |
|
You must be logged in to post a comment. |
