Home > E-Commerce, SQL Injection > osCommerce Visitor Web Stats Module “Accept-Language” SQLi

osCommerce Visitor Web Stats Module “Accept-Language” SQLi

June 21st, 2010

Application: osCommerce
Affected Version: version 3.2.1 and other versions.
Vendor’s URL: Visitor Web Stats Module
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitised.

E-Commerce, SQL Injection

Comments are closed.