SQL Injection Vulnerability in Cyberstrong eShop 4.2 and Earlier: Remote Authentication Information Theft and Privilege Escalation

SQL Injection Vulnerability in Cyberstrong eShop 4.2 and Earlier: Remote Authentication Information Theft and Privilege Escalation

CVE-2003-0509 · HIGH Severity

AV:N/AC:L/AU:N/C:C/I:C/A:C

SQL injection vulnerability in Cyberstrong eShop 4.2 and earlier allows remote attackers to steal authentication information and gain privileges via the ProductCode parameter in (1) 10expand.asp, (2) 10browse.asp, and (3) 20review.asp.

Learn more about our Web Application Penetration Testing UK.