PHPShop has multiple security vulnerabilities _ PHP Tutorial

PHPShop has multiple security vulnerabilities. Affected system: phps?phps=0.6.1-B details: phpShop is a PHP-based e-commerce program that can easily expand WEB functions. PhpShop has multiple security issues and remote attacks are affected by the system:

PhpShop 0.6.1-B

Detailed description:

PhpShop is a PHP-based e-commerce program that can easily expand WEB functions. PhpShop has multiple security issues. remote attackers can exploit these vulnerabilities to attack the database, obtain sensitive information, and execute arbitrary script code.

The specific problems are as follows:

1. SQL injection vulnerability:

When updating a session, there is an SQL injection problem. you can submit malicious SQL commands to the "page" variable to modify the original SQL logic, the same problem also exists when injecting the "product_id" and "offset" variables.

2. user information leakage vulnerability:

You can obtain a large amount of customer information by querying the "account/shipto" module. If you log on with a valid account, you may also view the administrator information. This information includes the customer's address, company name, and so on.

3. cross-site scripting attacks:

Multiple parameters do not fully filter the URI parameters submitted by users. submitting data containing malicious HTML code can trigger cross-site scripting attacks and obtain sensitive information of target users.

Currently, the vendor has not provided patches or upgrade programs.

PhpShop 0.6.1-B: phpShop is a PHP-based e-commerce program that can easily expand WEB functions. PhpShop has multiple security issues and remote attacks...