PT-2005-2234 · Ecommpro · Ecommpro
C0D3R
+1
·
Published
2005-04-22
·
Updated
2024-02-14
·
CVE-2005-1221
CVSS v2.0
7.5
High
| Vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
EcommPro version 3.0
Description
The issue allows remote attackers to execute arbitrary SQL commands via the
password field in the login.asp file. This can potentially lead to unauthorized access and data manipulation.Recommendations
For EcommPro version 3.0, consider validating and sanitizing user input in the
password field to prevent SQL injection attacks. As a temporary workaround, restrict access to the login.asp file until a proper fix is applied.Exploit
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Ecommpro