Description
Multiple SQL injection vulnerabilities in xlinkerz ecommerceMajor allow remote attackers to execute arbitrary SQL commands via the (1) productbycat parameter to product.php, or (2) username or (3) password parameter to __admin/index.php.
Exploits (1)
References (4)
Core 4
Core References
Exploit exploit
x_refsource_exploit-db
http://www.exploit-db.com/exploits/35878
Exploit x_refsource_misc
http://packetstormsecurity.com/files/130073/ecommerceMajor-SQL-Injection.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/show/osvdb/117569
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/show/osvdb/117570
Scores
EPSS
0.0096
EPSS Percentile
76.6%
Details
CWE
CWE-89
Status
published
Products (1)
ecommercemajor_project/ecommercemajor
Published
Feb 04, 2015
Tracked Since
Feb 18, 2026