Home > Backend Development > PHP Tutorial > Multiple security vulnerabilities exist in PHPShop_PHP Tutorial

Multiple security vulnerabilities exist in PHPShop_PHP Tutorial

WBOY
Release: 2016-07-21 16:08:20
Original
1108 people have browsed it

Affected systems:

phpShop phpShop 0.6.1-b

Detailed description:

phpShop is an e-commerce program based on PHP that can be easily expanded. WEB function. There are multiple security issues in phpShop. Remote attackers can use these vulnerabilities to attack the database, obtain sensitive information, and execute arbitrary script code.

The specific problems are as follows:

1. SQL injection vulnerability:

There is a SQL injection problem when updating the session, which can be modified by submitting malicious SQL commands to the "page" variable. The original SQL logic also has the same problem when injecting the "product_id" and "offset" variables.

2. User information leakage vulnerability:

A large amount of customer information can be obtained by querying the "account/shipto" module. Administrator information may also be viewed if the user logs in with a legitimate account. This information includes the customer's address, company name and other information.

3. Cross-site scripting attack:

Multiple parameters lack adequate filtering of the URI parameters submitted by the user. Submitting data containing malicious HTML code can trigger a cross-site scripting attack, possibly Obtain sensitive information of target users.

Currently the manufacturer has not provided patches or upgrades.

www.bkjia.comtruehttp: //www.bkjia.com/PHPjc/314876.htmlTechArticleAffected systems: phpShop phpShop 0.6.1-b Detailed description: phpShop is an e-commerce program based on PHP , which can easily expand WEB functions. phpShop has multiple security issues, remote attacks...
source:php.cn
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Popular Tutorials
More>
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template