AlegroCart 1.2.8: SQL Injection

Posted by Curesec Research Team (CRT) on Nov 14

Security Advisory – Curesec Research Team

1. Introduction

Affected Product: AlegroCart 1.2.8
Fixed in: Patch AC128_fix_17102015
Path Link: http://forum.alegrocart.com/download/file.php?id=1040
Vendor Website: http://alegrocart.com/
Vulnerability Type: SQL Injection
Remote Exploitable: Yes
Reported to vendor: 09/29/2015
Disclosed to public: 11/13/2015
Release mode: Coordinated release
CVE:…

Leave a Reply