Bugtraq mailing list archives

prestashop vuln: sql injection submitted to bugtraq () securityfocus com

From: "Antonio S.M" <antonio_s_martino () yahoo es>
Date: Fri, 25 Feb 2011 06:44:07 +0000 (GMT)

Hello,
I am Antonio San Martino, i write you to incloude this sql injection 
vulnerabilities in your database. The vulnerable version is prestashop 1.3.3 and 
is vulnerable to sql injection

 Vulnerable software and vendor: Prestashop,  verion: 1.3.3 - 0.246s 


Sql Injection Vulnerabilities

 Vulnerable File  Vulnerable Field 
 category.php     id_category
 cart.php            id_product
 product.php       id_product



 Vulnerability  details:  just inject ' and you get sql eror 

Thanks so much.
Kind Regards

Current thread:

prestashop vuln: sql injection submitted to bugtraq () securityfocus com Antonio S.M (Feb 25)
- <Possible follow-ups>
- Re: prestashop vuln: sql injection submitted to bugtraq () securityfocus com nebojsa (Feb 28)