Title: eStore Login.PHP SQL Injection Vulnerability
Severity: HIGH
Description:
eStore is a web based e-commerce store implemented in PHP and MySQL.
eStore login.php has been reported prone to an SQL Injection Vulnerability.
It has been reported that the login.php script contained in the eStore software fails to sufficiently sanitize user input. Input passed as the 'user' URI parameter, to this file is used to construct SQL queries, which are passed to the underlying database for execution. By embedding SQL commands in input passed to this script, a remote attacker may influence SQL query logic. Although unconfirmed, this may allow the attacker to bypass authentication methods. Other attacks, including attacks on the underlying database may also be possible.
Affected Products:
- Brooky eStore 1.0.1
- Brooky eStore 1.0.2
- Brooky eStore 1.0.2b
References:
- Brooky: eStore Homepage
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.
