Multiple SQL injection vulnerabilities in AFFcommerce 1.1.4 allow remote malicious users to execute arbitrary SQL commands via (1) the cl parameter to SubCategory.php and the item_id parameter in (2) ItemInfo.php and (3) ItemReview.php.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
affcommerce affcommerce 1.1.4 |