SQL Exception thrown during product import

Disclosed: 2017-07-12 00:44:11 By pappan To shopify

Medium

Vulnerability Details

Possible SQL Injection was observed when a descriptive error message was thrown in a mail sent to the user while importing products from csv. Used some special characters in csv to induce the error. DATABASE FOUND TO BE MYSQL. {F192274}

Actions

View on HackerOne

Report Stats

Report ID: 237597
State: Closed
Substate: resolved
Upvotes: 12

SQL Exception thrown during product import

Vulnerability Details

Actions

Report Stats

Share this report