
sql injection?

Hello,

I found today in the admin panel of my 1.9.2.4 the latest 5 searches as follows:

vSun /*!00000UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL*/-- THmX

When I type this in the search box on the website it returns 12 products.

I upgraded to the latest 1.9.3.1 today, and again when I paste the above it returns 12 products.

Any ideas?
