IGeneric Free Shopping Cart 1.4 - SQL Injection

EDB-ID:

23770

CVE:

N/A




Platform:

PHP

Date:

2004-03-01


source: https://www.securityfocus.com/bid/9771/info

It has been reported that iGeneric Free Shopping Cart is prone to an SQL injection vulnerability. This issue is due to a failure of the application to properly sanitize user supplied URI parameters

As a result of this issue a malicious user may influence database queries in order to view or modify sensitive information, potentially compromising the software or the database. It has been conjectured that an attacker may be able to disclose user password hashes by exploiting this issue. This issue may also be leveraged to exploit latent vulnerabilities within the database itself. 

page.php?page_type=catalog_products&type_id[]='[SQL-Injection]&SESSION_ID={SESSION_ID}&SESSION_ID=