Home Tools Exploits & CVE's Active eCommerce CMS 6.5.0 SQL Injection

Active eCommerce CMS 6.5.0 SQL Injection

January 19, 2023

841

Authored by CraCkEr

Active eCommerce CMS version 6.5.0 suffers from a remote SQL injection vulnerability.

┌┌───────────────────────────────────────────────────────────────────────────────────────┐
││                                     C r a C k E r                                    ┌┘
┌┘                 T H E   C R A C K   O F   E T E R N A L   M I G H T                  ││
└───────────────────────────────────────────────────────────────────────────────────────┘┘

 ┌────              From The Ashes and Dust Rises An Unimaginable crack....          ────┐
┌┌───────────────────────────────────────────────────────────────────────────────────────┐
┌┘                                  [ Vulnerability ]                                   ┌┘
└───────────────────────────────────────────────────────────────────────────────────────┘┘
:  Author   : CraCkEr                                                                    :
│  Website  : Activeitzone.com                                                           │
│  Vendor   : ActiveITzone                                                               │
│  Software : Active eCommerce CMS 6.5.0                                                 │
│  Vuln Type: SQL Injection                                                              │
│  Impact   : Database Access                                                            │
│                                                                                        │
│────────────────────────────────────────────────────────────────────────────────────────│
│                                                                                       ┌┘
└───────────────────────────────────────────────────────────────────────────────────────┘┘
:                                                                                        :
│ Release Notes:                                                                         │
│ ═════════════                                                                          │
│                                                                                        │
│ SQL injection attacks can allow unauthorized access to sensitive data, modification of │
│ data and crash the application or make it unavailable, leading to lost revenue and     │
│ damage to a company's reputation.                                                      │
│                                                                                        │
┌┌───────────────────────────────────────────────────────────────────────────────────────┐
┌┘                                                                                      ┌┘
└───────────────────────────────────────────────────────────────────────────────────────┘┘

Greets:

    The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL   

  CryptoJob (Twitter) twitter.com/CryptozJob

┌┌───────────────────────────────────────────────────────────────────────────────────────┐
┌┘                                    © CraCkEr 2023                                    ┌┘
└───────────────────────────────────────────────────────────────────────────────────────┘┘

Path: /ecommerce/search

GET parameter 'keyword' is vulnerable to SQLI

https://www.website.com/ecommerce/search?selected_attribute_values%5B%5D=M&selected_attribute_values%5B%5D=Chenille&color=%23CD5C5C&keyword=G502[INJECT-HERE]


[-] Done

Active eCommerce CMS 6.5.0 SQL Injection

Follow us on Instagram @thecyberpost

EDITOR PICKS

Russian Hackers Using ClickFix Fake CAPTCHA to Deploy New LOSTKEYS Malware

Qilin Ransomware Ranked Highest in April 2025 with Over 45 Data...

Play Ransomware Exploited Windows CVE-2025-29824 as Zero-Day to Breach U.S. Organization

POPULAR POSTS

Oracle Database Password Hash Unauthorized Access

ESET NOD32 Antivirus 17.1.11.0 Unquoted Service Path

Authorities Claim LockBit Admin “LockBitSupp” Has Engaged with Law Enforcement

POPULAR CATEGORY

WordPress Blog2Social 6.9.11 Missing Authorization

VMWare Aria Operations For Networks Command Injection

SAP Enable Now Manager 10.6.5 Build 2804 Cloud Edition CSRF /...