[Original text] ** DISPUTED ** SQL injection vulnerability in Amazing Flash AFCommerce Shopping Cart allows remote attackers to execute arbitrary SQL commands via the search field. NOTE: the vendor has disputed this issue, stating "if someone were to type in any sql injection code, that code would never be queried."
AFCommerce Shopping Cart Search Field SQL Injection
Remote / Network Access
Loss of Confidentiality, Loss of Integrity
AFCommerce Shopping Cart has been reported to contain a flaw that may allow an attacker to carry out an SQL injection attack. The issue is supposedly due to the search functionality not properly sanitizing user-supplied input. However, after additional testing, the vendor has disputed this, stating that input is sanitized and that there is no indication of injection ability.
The vulnerability reported is incorrect. No solution required.