Vote count:
0
I have a Magento CE store. It recently failed a PCI compliance scan with the following error message:
Integer based SQL injection vulnerability in REST-style parameter to /checkout/cart/add/uenc/aHR0cDovL3d3d................ndWF2YS5odG1s/product
The explanation of the error said: When a web application uses user-supplied input parameters within SQL queries without first checking them for unexpected characters, it becomes possible for an attacker to manipulate the query.
I know Magento uses URIs similar to the one above when you add a product to the cart. Any suggestions on how to secure the site?
Thanks
asked 44 secs ago
PCI Scan fails for Integer based SQL injection
http://www.thesjg.com/2016/04/magento-integer-based-sql-injection-vulnerability-product-parameter/
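The condition the scanner describes, shown next to the two usual mitigations (strict integer validation of the REST-style `product` value and a bound query parameter). This is an added example, not code from the post or from Magento, and it is written in Python with SQLite rather than Magento's PHP; the `product` table, the three-segment route prefix, the function names and the sample URLs are all assumptions constructed for the illustration.

```python
import sqlite3

# Constructed sample paths in the /module/controller/action/key/value/... shape.
SAMPLE_OK = "/checkout/cart/add/uenc/CONSTRUCTED/product/2"
SAMPLE_TAMPERED = "/checkout/cart/add/uenc/CONSTRUCTED/product/2 OR 1=1"

def parse_rest_params(path, prefix_segments=3):
    """Return the key/value pairs that follow the route prefix as a dict."""
    parts = [p for p in path.split("/") if p]
    tail = parts[prefix_segments:]
    return dict(zip(tail[0::2], tail[1::2]))

def product_id(params):
    """Accept only a short run of ASCII digits; reject everything else."""
    raw = params.get("product", "")
    if not (raw.isascii() and raw.isdigit() and len(raw) <= 10):
        raise ValueError("product must be a decimal integer")
    return int(raw)

def lookup_unsafe(db, path):
    # Pattern the scan text describes: the raw value is concatenated into SQL,
    # so extra SQL in the "integer" changes the meaning of the query.
    raw = parse_rest_params(path).get("product", "")
    return db.execute("SELECT name FROM product WHERE id = " + raw).fetchall()

def lookup_safe(db, path):
    # Validate first, then bind: the value never becomes part of the SQL text.
    pid = product_id(parse_rest_params(path))
    return db.execute("SELECT name FROM product WHERE id = ?", (pid,)).fetchall()

def make_db():
    """Hypothetical two-row catalogue held in memory."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE product (id INTEGER PRIMARY KEY, name TEXT)")
    db.executemany("INSERT INTO product VALUES (?, ?)",
                   [(1, "guava"), (2, "mango")])
    return db

if __name__ == "__main__":
    db = make_db()
    print("safe, normal request:    ", lookup_safe(db, SAMPLE_OK))
    print("unsafe, tampered request:", lookup_unsafe(db, SAMPLE_TAMPERED))
    try:
        lookup_safe(db, SAMPLE_TAMPERED)
    except ValueError as exc:
        print("safe, tampered request:   rejected:", exc)
```
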