Multiple SQL injection vulnerabilities in TornadoStore 1.4.3 and previous versions allow remote malicious users to execute arbitrary SQL commands via (1) the marca parameter to precios.php3 or (2) the where parameter in a delivery_courier action to control/abm_list.php3.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
tornadostore tornadostore |