CVE-2015-1476

Name of the Vulnerable Software and Affected Versions xlinkerz ecommerceMajor (affected versions not specified)

Description The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via the productbycat parameter to "product.php", or the username or password parameters to " admin/index.php".

Recommendations As a temporary workaround, consider restricting access to the "product.php" and " admin/index.php" scripts until a patch is available. Avoid using the productbycat, username, and password parameters in the affected scripts until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.