2 matches found
osCommerce Visitor Web Stats AddOn - Accept-Language Header SQL Injection
Source: https://www.securityfocus.com/bid/40425/info
osCommerce Visitor Web Stats is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query...
SQL injection in OSCommerce Add-On Visitor Web Stats
The popular OSC add-on Visitor Web Stats is completely vulnerable to SQL injection. Although it uses request data, i.e. the Accept-Language header, there's no escaping at all. This also applies to the extension's derivative for OSC 3, whose author completely inherited the insufficient code structure...