Description
SQL injection vulnerability in Amazing Flash AFCommerce Shopping Cart allows remote attackers to execute arbitrary SQL commands via the search field. NOTE: the vendor has disputed this issue, stating "if someone were to type in any sql injection code, that code would never be queried.
Affected products
References
- MISChttp://www.osvdb.org/28618
- MISChttp://www.securityfocus.com/bid/19074
- MISChttp://www.securityfocus.com/archive/1/440848/100/100/threaded
- MISChttp://securityreason.com/securityalert/1255
- MISChttp://securitytracker.com/id?1016538
- MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/27846
- MISChttp://www.securityfocus.com/archive/1/440589/100/0/threaded