Phpshop Phpshop 0.6.1-b
Detailed Description:
Phpshop is a PHP-based e-commerce program that can easily extend Web functionality. Phpshop has multiple security issues that can be exploited by remote attackers to attack a database, gain sensitive information, and execute arbitrary script code.
The specific questions are as follows:
1. SQL Injection Vulnerability:
There is a SQL injection problem when updating a session, and you can modify the original SQL logic by submitting a malicious SQL command to a "page" variable, as well as injecting "product_id" and "offset" variables.
2. User Information Disclosure Vulnerability:
A large number of customer information can be obtained by querying the "Account/shipto" module. You may also view administrator information if the user is logged on as a legitimate account. This information includes the customer's address, company name, and so on.
3. Cross-site script execution attack:
Multiple parameters lack sufficient filtering of the URI parameters submitted by the user, submitting data containing malicious HTML code, which can lead to a cross-site scripting attack, potentially obtaining sensitive information from the target user.
At present, the manufacturer has not provided patches or upgrade procedures.
http://www.bkjia.com/PHPjc/314876.html www.bkjia.com true http://www.bkjia.com/PHPjc/314876.html techarticle Affected System: Phpshop phpshop 0.6.1-b Detailed Description: Phpshop is a PHP-based e-commerce program that can easily extend the Web functionality. Phpshop There are multiple security issues, remote attacks ...
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
