prestashop vuln: sql injection

2011-02-24T00:00:00
ID SECURITYVULNS:DOC:25778
Type securityvulns
Reporter Securityvulns
Modified 2011-02-24T00:00:00

Description

  1. Vulnerable software and vendor: Prestashop version: 1.3.3 - 0.246s

     | Vulnerable File | Vulnerable Field |
     |-----------------|------------------|
     | category.php    | id_category      |
     | cart.php        | id_product       |
     | product.php     | id_product       |

  2. Vulnerability classification: SQL Injection

  3. Vulnerability details (and reproduction steps, if you want to disclose them): just inject ' and you get an SQL error

  4. If vendor was notified or not: Yes, already fixed in 3.7.0
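A log check for the files and fields listed above, as an added example that is not part of the original advisory or of PrestaShop: it flags requests to the three scripts whose id parameter is not a plain integer. The access-log format and the sample lines are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Script -> parameter pairs taken from the advisory's table.
WATCHED = {
    "category.php": "id_category",
    "cart.php": "id_product",
    "product.php": "id_product",
}

# Request portion of a common/combined access-log line (assumed format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def suspicious_ids(log_lines):
    """Return (line_no, script, param, value) for non-integer id values."""
    hits = []
    for line_no, line in enumerate(log_lines, start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        script = url.path.rsplit("/", 1)[-1]
        param = WATCHED.get(script)
        if param is None:
            continue
        # parse_qs percent-decodes, so %27 is seen as a quote character.
        values = parse_qs(url.query, keep_blank_values=True).get(param, [])
        for value in values:
            if not re.fullmatch(r"[0-9]+", value):
                hits.append((line_no, script, param, value))
    return hits


# Constructed sample lines (documentation address range, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [24/Feb/2011:10:00:01 +0000] "GET /category.php?id_category=3 HTTP/1.1" 200 5120',
    '192.0.2.11 - - [24/Feb/2011:10:00:05 +0000] "GET /product.php?id_product=7%27 HTTP/1.1" 500 310',
    '192.0.2.11 - - [24/Feb/2011:10:00:09 +0000] "GET /cart.php?add&id_product=12 HTTP/1.1" 200 2048',
    '192.0.2.12 - - [24/Feb/2011:10:00:12 +0000] "GET /index.php?id_product=x HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for hit in suspicious_ids(SAMPLE_LOG):
        print(hit)
```

Only query-string values appear in access logs; parameters sent in a POST body need a different data source.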