Check Point Advisories

update Protection against osCommerce SQL Injection Vulnerability

Check Point Reference: CPAI-2006-057
Date Published: 6 Jun 2006
Severity: Medium
Last Updated: Monday 07 May, 2007
Source: Secunia Advisory: SA10443
Protection Provided by:
Who is Vulnerable? osCommerce 2.x
Vulnerability Description A vulnerability has been identified in osCommerce, an online shopping cart application. The vulnerability can be exploited by attackers to manipulate SQL queries.
Vulnerability DetailsThe flaw resides in improper validation of the "country" parameter in various scripts including "create_account_process.php" and "account_edit_process.php". This can potentially be exploited to manipulate SQL queries.

Protection Overview

×
  Feedback
This website uses cookies for its functionality and for analytics and marketing purposes. By continuing to use this website, you agree to the use of cookies. For more information, please read our Cookies Notice.
OK