LandShop 0.6.3 ls.php Multiple Parameter SQL Injection

ID SSV:82495
Type seebug
Reporter Root
Modified 2014-07-01T00:00:00


No description provided by source.

LandShop is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied input data.
Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, access or modify sensitive data, execute arbitrary script code in the context of the application, compromise the application, and possibly exploit latent vulnerabilities in the underlying system; other attacks are also possible.[sql][sql][sql][sql] =/PATH/action/ls.php?lang=en&action=list&CAT_ID=1&keyword=1&infield=[sql]