PT-2014-88: SQL Injection in ShopOS
Version: 2.5.9 and earlier
Severity level: High
Impact: SQL Injection
Access Vector: Remote
Base Score: 7.5
CVE: not assigned
ShopOS is a web content management system.
The specialists of the Positive Research center have detected SQL Injection vulnerability in ShopOS.
SQL Injection in the manager.php script allows remote attackers to execute arbitrary SQL commands via a specially crafted request.
How to fix
26.12.2013 - Vendor gets vulnerability details
29.12.2014 - Public disclosure
The vulnerability was detected by using Positive Technologies Application Inspector, the application security testing system
Reports on the vulnerabilities previously discovered by Positive Research: