CandyPress Store suffers from SQL injection vulnerabilities.
3873c14784b5ff01a66ff1c793f3d10eea9977802e602cf1e4d5530136fb11a0
vendor site:http://www.candypress.com/
product:CandyPress Store
bug:injection sql
risk:medium
injection sql (get) :
http://site.com/sa3.5.2.14/scripts/openPolicy.asp?policy='[sql]
http://site.com/sa3.5.2.14/scripts/prodList.asp?brand='[sql]
laurent gaffié & benjamin mossé
http://s-a-p.ca/
contact: saps.audit@gmail.com