
[Vulnerability notice] Second-order SQL injection vulnerability in ECMall

Last Updated: Apr 18, 2018

Vulnerability description

ECMall is a multi-user mall system. Because of lax input filtering, ECMall 20140618 has an SQL injection vulnerability. In app/, goods_name is not escaped after the goods are delivered, which results in second-order SQL injection.

How to fix

Use the addslashes() function to add a backslash (\) before the predefined characters.
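
The flow described above, as an added example that is not ECMall's code: Python's sqlite3 stands in for the PHP/MySQL application, and the tables, function names and goods name are constructed. It shows a value that is stored safely and then reused unescaped, beside escaping at reuse (the role addslashes() plays in the fix) and parameter binding.

```python
import sqlite3

# Constructed goods name: harmless when first stored, but it closes the string
# literal and replaces the status value if later pasted into SQL text.
CRAFTED_NAME = "bike', 'refunded') --"

def setup():
    # Hypothetical schema, not ECMall's.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE goods (id INTEGER PRIMARY KEY, goods_name TEXT)")
    db.execute("CREATE TABLE order_log (goods_name TEXT, status TEXT)")
    # First write: the name is bound as a parameter, so it is stored verbatim.
    db.execute("INSERT INTO goods (goods_name) VALUES (?)", (CRAFTED_NAME,))
    return db

def stored_name(db):
    return db.execute("SELECT goods_name FROM goods WHERE id = 1").fetchone()[0]

def log_delivery_vulnerable(db):
    # Second use: the value read back from the database is trusted and
    # concatenated into a new statement without escaping.
    name = stored_name(db)
    db.execute("INSERT INTO order_log VALUES ('" + name + "', 'shipped')")

def sql_quote(value):
    # Escape at reuse, the role addslashes() plays in the fix; SQLite escapes
    # a quote by doubling it rather than with a backslash.
    return value.replace("'", "''")

def log_delivery_escaped(db):
    name = sql_quote(stored_name(db))
    db.execute("INSERT INTO order_log VALUES ('" + name + "', 'shipped')")

def log_delivery_bound(db):
    # Parameter binding keeps the data out of the SQL text altogether.
    db.execute("INSERT INTO order_log VALUES (?, 'shipped')", (stored_name(db),))

def run(log_fn):
    db = setup()
    log_fn(db)
    return db.execute("SELECT goods_name, status FROM order_log").fetchall()

if __name__ == "__main__":
    for fn in (log_delivery_vulnerable, log_delivery_escaped, log_delivery_bound):
        print(fn.__name__, run(fn))
```

Only the vulnerable path records a status other than the one the code wrote; the escaped and bound paths log the stored name unchanged.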