CVE-2010-1327 Information

Description

Multiple SQL injection vulnerabilities in TornadoStore 1.4.3 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the marca parameter to precios.php3 or (2) the where parameter in a delivery_courier action to control/abm_list.php3.

Reference

http://www.bonsai-sec.com/en/research/vulnerabilities/tornadostore-multiple-sql-injection-0106.php http://www.securityfocus.com/bid/41233 https://exchange.xforce.ibmcloud.com/vulnerabilities/59950