Multiple SQL Injection and XSS in Application

Description

Multiple instances of SQL injection (Blind/Error) and XSS in application.

SQL injection in admin area.

Environment

None

Steps to reproduce

Available on request

Example of SQL injection below

http://localhost/catalog/admin/index.php/1' - - Returns error

Assignee

Michael Sasek

Reporter

vekt0r

Labels

None

Severity

Crash

Components

Fix versions

Affects versions

Priority
