StoreFront contains a flaw that allows an attacker to inject arbitrary SQL code. The id variable in the login.asp module is not properly validated, so an attacker can inject into or manipulate SQL queries.
Upgrade to version 5.0 build 50.4014 or 6.0 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.
StoreFront Shopping Cart is affected by an SQL injection vulnerability. The vulnerability affects the 'login.asp' script.
Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
StoreFront Shopping Cart 5.0 is affected by this vulnerability.
An exploit is not required.
The following proof of concept example is available:

Email id: firstname.lastname@example.org
Password: ' or '='
Storefront versions 50.4014 and subsequent versions are not affected by this issue. Please contact the vendor to obtain fixes.
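Added example (not StoreFront's code, which this page does not show): a Python/sqlite3 model of a login check built by string concatenation, beside the same check with bound parameters, both fed the password string quoted in the proof of concept. The table, column and function names are assumptions. Whether concatenated input produces a syntax error or a changed WHERE clause depends on the query and the database; either outcome means the input was parsed as SQL.

```python
import sqlite3

EMAIL = "firstname.lastname@example.org"   # placeholder address from the page
POC_PASSWORD = "' or '='"                  # string quoted in the advisory, verbatim


def make_db():
    """Constructed sample data; schema is an assumption, not StoreFront's.
    Plaintext password only to keep the sketch short; real code stores a hash."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE customers (email TEXT PRIMARY KEY, password TEXT)")
    db.execute("INSERT INTO customers VALUES (?, ?)", (EMAIL, "correct horse"))
    return db


def login_concat(db, email, password):
    """Vulnerable pattern: request values are pasted into the SQL text."""
    sql = ("SELECT 1 FROM customers WHERE email = '" + email +
           "' AND password = '" + password + "'")
    try:
        return "ok" if db.execute(sql).fetchone() else "denied"
    except sqlite3.Error:
        # Quote characters in the input altered the statement's syntax,
        # so the database parsed user data as part of the query.
        return "parsed-as-sql"


def login_bound(db, email, password):
    """Hardened pattern: placeholders keep input out of the SQL text."""
    sql = "SELECT 1 FROM customers WHERE email = ? AND password = ?"
    return "ok" if db.execute(sql, (email, password)).fetchone() else "denied"


def compare(password):
    """Return (concatenated result, bound-parameter result) for one password."""
    db = make_db()
    return login_concat(db, EMAIL, password), login_bound(db, EMAIL, password)


if __name__ == "__main__":
    for pw in ("correct horse", "wrong", POC_PASSWORD):
        print(repr(pw), compare(pw))
```

With bound parameters the quoted string is compared as an ordinary wrong password and rejected, which makes this pair usable as a regression check after a fix.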