SQL injection vulnerability in VirtuaStore 2.0 allows remote malicious users to execute arbitrary SQL commands via the password parameter when logging in.
source: wwwsecurityfocuscom/bid/18790/info
VirtuaStore is prone to an SQL-injection vulnerability because it fails to properly sanitize user-supplied input before using it in SQL queries
A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying databas ...