
[Vulnerability notice] Second SQL injection vulnerability in ECMall

Last Updated: Apr 18, 2018

Vulnerability description

ECMall is a multi-user mall system. Due to lax filtering, ECMall 20140618 has an SQL injection vulnerability. In app/cart.app.php, the goods_name value is not escaped after the goods are delivered, and reusing the stored value in a later query results in a second-order SQL injection.

How to fix

Add a backslash (\) before each of the predefined characters that the addslashes() function handles (single quote, double quote, backslash, NUL) before the value is placed into the query.
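The following PHP script is an added illustration of the pattern the notice describes and of the fix it recommends; it is not ECMall's code. The function names, the `cart` table and the column names are hypothetical, and the product name used as input is constructed. It shows the same stored value being put into a second query unescaped, then with addslashes() applied at the point of use, and finally through a prepared statement as the stronger alternative:

```php
<?php
// Added illustration (not ECMall's code): second-order SQL injection pattern
// and the escape-at-point-of-use fix described in the notice.
// Function, table and column names are hypothetical.

declare(strict_types=1);

// Hypothetical vulnerable pattern: goods_name read back from the goods table is
// dropped straight into a second query. Escaping applied when the value was first
// stored does not survive the round trip, so the raw quote comes back out.
function build_cart_query_unsafe(string $goods_name_from_db): string
{
    return "SELECT * FROM cart WHERE goods_name = '" . $goods_name_from_db . "'";
}

// Fix from the notice: addslashes() prefixes ' " \ and NUL with a backslash
// before the value is interpolated into the SQL string.
function build_cart_query_escaped(string $goods_name_from_db): string
{
    return "SELECT * FROM cart WHERE goods_name = '" . addslashes($goods_name_from_db) . "'";
}

// Stronger alternative: a prepared statement, so the value never becomes SQL text.
// Needs a live PDO connection (e.g. to MySQL); shown here, not invoked.
function find_cart_items(PDO $db, string $goods_name_from_db): array
{
    $stmt = $db->prepare('SELECT * FROM cart WHERE goods_name = ?');
    $stmt->execute([$goods_name_from_db]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Crude sanity check for this demo: the number of single quotes not preceded by
// a backslash must be even, otherwise a string literal has been broken open.
function literal_is_balanced(string $sql): bool
{
    return preg_match_all("/(?<!\\\\)'/", $sql) % 2 === 0;
}

// Constructed sample: a benign product name that happens to contain an apostrophe.
$stored_name = "Tom's Toolkit";

$unsafe  = build_cart_query_unsafe($stored_name);
$escaped = build_cart_query_escaped($stored_name);

printf("unsafe : %s (balanced: %s)\n", $unsafe,  literal_is_balanced($unsafe)  ? 'yes' : 'no');
printf("escaped: %s (balanced: %s)\n", $escaped, literal_is_balanced($escaped) ? 'yes' : 'no');
```

Run with `php` and compare the two queries: the unescaped one has its string literal cut open by an ordinary apostrophe, which is exactly the condition an attacker-supplied name would abuse, while the escaped one is a well-formed MySQL statement. The lesson for second-order cases is that a value must be treated as untrusted wherever it is placed into SQL, including when it was read back from the database. Backslash escaping with addslashes() matches MySQL's default quoting rules but is not correct for every database or character set, which is why the prepared-statement variant is the preferable fix where the code base allows it.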
