Multiple security vulnerabilities in phpShop
Affected version: phpShop phpShop 0.6.1-b
phpShop is a PHP-based e-commerce application designed to make web functionality easy to extend. phpShop has several security issues that a remote attacker could exploit to attack the database, access sensitive information, and execute arbitrary script code.
The specific issues are as follows:
1. SQL injection vulnerabilities:
There is an SQL injection problem when the session is updated: malicious SQL commands can be submitted through the "page" variable to alter the original SQL logic. The same problem exists for the "product_id" and "offset" variables.
2. User information disclosure vulnerability:
Querying the "account/shipto" module returns a large amount of customer information. If the user has a legitimate account, the administrator may view the information. This information includes the customer's address, company name, and so on.
3. Cross-site scripting attacks:
Several URI parameters lack adequate filtering of user-submitted data. Submitting data that contains malicious HTML code can trigger cross-site scripting attacks, which may expose the target user's sensitive information.
At present, the vendor has not provided a patch or upgrade.
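As an added example (not phpShop's code and not part of the original advisory), the sketch below shows one way to handle the "page", "product_id" and "offset" parameters defensively in PHP: strict validation, bound query parameters, and HTML encoding on output, which addresses issues 1 and 3. The table, the function names, the sample rows and the "module/page" format assumed for "page" are hypothetical.

```php
<?php
// Added example, not phpShop code. Table, column and function names are hypothetical.
// Constructed in-memory data standing in for the shop database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE product (product_id INTEGER PRIMARY KEY, name TEXT)');
$db->exec("INSERT INTO product (name) VALUES ('Widget'), ('<b>Gadget</b>'), ('Gizmo')");

// Accept only non-negative decimal integers; reject everything else.
function int_param(array $src, string $key, int $default = 0): int
{
    if (!isset($src[$key])) {
        return $default;
    }
    $v = filter_var($src[$key], FILTER_VALIDATE_INT, ['options' => ['min_range' => 0]]);
    if ($v === false) {
        throw new InvalidArgumentException("invalid $key");
    }
    return $v;
}

// Assumption: "page" names a module/page pair such as "shop/index".
function page_param(array $src): string
{
    $page = $src['page'] ?? 'shop/index';
    if (!is_string($page) || !preg_match('#^[a-z_]+/[a-z_]+$#', $page)) {
        throw new InvalidArgumentException('invalid page');
    }
    return $page;
}

function list_products(PDO $db, array $req): array
{
    $page = page_param($req);   // validated before it is stored or used anywhere
    $stmt = $db->prepare('SELECT name FROM product WHERE product_id >= :id LIMIT 10 OFFSET :off');
    $stmt->bindValue(':id', int_param($req, 'product_id', 1), PDO::PARAM_INT);
    $stmt->bindValue(':off', int_param($req, 'offset'), PDO::PARAM_INT);
    $stmt->execute();
    // Encode on output so stored or reflected markup is rendered as text.
    return array_map(fn($n) => htmlspecialchars($n, ENT_QUOTES, 'UTF-8'),
                     $stmt->fetchAll(PDO::FETCH_COLUMN));
}

print_r(list_products($db, ['page' => 'shop/index', 'product_id' => '2']));
try {
    list_products($db, ['product_id' => '1 OR 1=1']);   // constructed non-integer input
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```

The information disclosure in issue 2 is an authorization problem and needs a separate server-side check that the requested record belongs to the logged-in account.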