CVE-2006-7170 Information

Description

Multiple SQL injection vulnerabilities in Koan Software Mega Mall allow remote attackers to execute arbitrary SQL commands via the (1) t (2) productId (3) sk (4) x or (5) so parameter to (a) product_review.php; or the (6) orderNo parameter to (b) order-track.php.

Reference

http://marc.info/?l=bugtraq&m=116343783720459&w=2 http://www.securityfocus.com/bid/21072 https://exchange.xforce.ibmcloud.com/vulnerabilities/30214