Filter by tag: abantecart

AbanteCart 1.2.8 - Multiple SQL Injections

8 min read 21 Dec 2016 by Martin Bednorz
In our 21st advent calendar gift, we cover AbanteCart, a very popular e-commerce solution that just turned 5 years old last month. RIPS found multiple SQL injections, PHP object injections, and the complementary cross-site scriptings so that the more severe vulnerabilities can be exploited. Interestingly, the AbanteCart website was defaced just moments before we send out our analysis report to the development team.