CVE-2015-1476 Information

Description

Multiple SQL injection vulnerabilities in xlinkerz ecommerceMajor allow remote attackers to execute arbitrary SQL commands via the (1) productbycat parameter to product.php or (2) username or (3) password parameter to __admin/index.php.

Reference

http://osvdb.org/show/osvdb/117569 http://osvdb.org/show/osvdb/117570 http://packetstormsecurity.com/files/130073/ecommerceMajor-SQL-Injection.html http://www.exploit-db.com/exploits/35878