



PowerGap Shopsystem "ag" SQL Injection Vulnerability

Report ID: SA31382
Source: Secunia
Date of Discovery: 08.08.2008
Criticality: Moderate
Affects:
PowerGap Shopsystem

Compromise From: From remote
Compromise Type: Manipulation of data

Summary

A vulnerability exists in PowerGap Shopsystem that can be exploited by malicious people to conduct SQL injection attacks.

Detailed Description

A vulnerability exists in PowerGap Shopsystem that can be exploited by malicious people to conduct SQL injection attacks.

Input passed to the "ag" parameter in s03.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

Successful exploitation may require that "magic_quotes_gpc" is disabled.
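
The flaw class described above, shown next to its corrected form. This is an added example, not PowerGap code and not part of the original advisory; the table, its columns and the treatment of "ag" as a text group key are assumptions, and the inputs are constructed.

```php
<?php
// Added example, not PowerGap code. The table, its columns and the meaning of
// "ag" (treated here as a text group key) are assumptions for illustration.
// Runs offline against an in-memory SQLite database (needs pdo_sqlite).

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE articles (id INTEGER PRIMARY KEY, ag TEXT, name TEXT)");
$db->exec("INSERT INTO articles (ag, name) VALUES
           ('tools', 'Hammer'), ('tools', 'Saw'), ('kid''s', 'Kite')");

// Pattern the advisory describes: the request value is pasted into the SQL
// text, so a quote character in it ends the string literal and whatever
// follows is parsed as SQL instead of being compared as data.
function find_concatenated(PDO $db, string $ag): string
{
    try {
        $rows = $db->query("SELECT name FROM articles WHERE ag = '" . $ag . "'")
                   ->fetchAll(PDO::FETCH_COLUMN);
        return implode(',', $rows);
    } catch (PDOException $e) {
        return 'SQL error';   // the input changed the statement's structure
    }
}

// Corrected pattern: the statement text is fixed and the value is bound,
// so it is always treated as data whatever characters it contains.
function find_bound(PDO $db, string $ag): string
{
    $stmt = $db->prepare('SELECT name FROM articles WHERE ag = :ag');
    $stmt->execute([':ag' => $ag]);
    return implode(',', $stmt->fetchAll(PDO::FETCH_COLUMN));
}

// Constructed sample inputs: one plain value, one containing a quote.
foreach (['tools', "kid's"] as $ag) {
    printf("ag=%-6s concatenated=[%s] bound=[%s]\n",
           $ag, find_concatenated($db, $ag), find_bound($db, $ag));
}
```

The quoted value breaks the concatenated query but is matched as ordinary data by the bound one. "magic_quotes_gpc" was removed in PHP 5.4, so parameter binding rather than that setting is the control to rely on.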

Solution

According to the vendor, this vulnerability has been fixed since 2006.