Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
osCommerce Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability - CVE-2019-25497 - Vulnerability Database
osCommerce

osCommerce Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability - CVE-2019-25497

High
Reference: CVE-2019-25497
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2019-25497
Title: osCommerce Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability
Overview:

osCommerce 2.3.4.1 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the currency parameter. Attackers can send GET requests to shopping_cart.php with malicious currency values using boolean-based SQL injection payloads to extract sensitive database information.