Multiple SQL Injection in Classified Made Easy PHP Script

Description of Product

Classified made easy is an easy to use system which can be used as classified or any kind of listing website. Help, Installation & Update Instructions Here

Description of Vulnerabilities

There is a SQL injection in ajaxupload.php, the $_REQUEST['reid'] variable is used in a SQL query without proper escaping. There is another SQL injection in ajaxTest.php, where the $_GET['latlng'] can be exploited with injection,padding. There is a 3rd possible injection in the Paypal IPN handler where the Item Name is used in a query without escaping. I malicious user can make a purchase, set the Item Name to a SQL injection and when the callback occurs it will be executed.


I've contacted the vendor and he released a patched version with the version tag