home\controls\cart.class.php: the code constructs a SQL query from untrusted input. Looking at the code context, the new SQL query is built from the results of a database query. Through the cookie_cart parameter used in this call, an attacker can modify the meaning of the statement or execute arbitrary SQL commands if he can control the contents of the database.
Product Home: http://www.uqcms.com/
demo page: https://b2b2c.uqcms.com/
version: 2.1.3
Vulnerability file: home\controls\cart.class.php
POC:
How to fix: https://cheatsheetseries.owasp.org/cheatsheets/SQL_Injection_Prevention_Cheat_Sheet.html
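As an added illustration of the fix referenced above (not UQCMS code and not from the original report): a cart lookup that validates a cookie-supplied cart and binds its values as query parameters. The cookie format (a JSON map of goods id to quantity), the `goods` table, its columns and both function names are assumptions, and the demo needs PHP with the pdo_sqlite extension.

```php
<?php
// Added illustration; NOT UQCMS code. The cookie format (JSON map of
// goods id => quantity), the `goods` table and all names are assumptions.

/** Decode a cart cookie and keep only strictly numeric id/quantity pairs. */
function parse_cart_cookie(string $raw): array
{
    $data = json_decode($raw, true);
    if (!is_array($data)) {
        return [];
    }
    $cart = [];
    foreach ($data as $id => $qty) {
        // ctype_digit rejects signs, spaces, quotes and SQL fragments in the key.
        if (ctype_digit((string)$id) && is_int($qty) && $qty > 0) {
            $cart[(int)$id] = $qty;
        }
    }
    return $cart;
}

/** Look up cart rows with bound parameters instead of string concatenation. */
function load_cart_goods(PDO $db, array $cart): array
{
    if ($cart === []) {
        return [];
    }
    // One "?" per id: the values never become part of the SQL text. Bind
    // values read back from the database the same way before reusing them.
    $marks = implode(',', array_fill(0, count($cart), '?'));
    $stmt = $db->prepare("SELECT id, name, price FROM goods WHERE id IN ($marks)");
    $stmt->execute(array_keys($cart));
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed demo data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE goods (id INTEGER PRIMARY KEY, name TEXT, price REAL)");
$db->exec("INSERT INTO goods VALUES (1, 'pen', 1.5), (2, 'ink', 4.0)");

// Constructed cookie values: one well-formed, one with a non-numeric key.
$samples = ['{"1":2,"2":1}', '{"1 OR 1=1":1}'];
foreach ($samples as $raw) {
    $rows = load_cart_goods($db, parse_cart_cookie($raw));
    printf("%-16s -> %d row(s)\n", $raw, count($rows));
}
```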