SecPod Research Team member (Antu Sanadi) has found an SQL Injection Vulnerabilities in NetArt Media iBoutique. The vulnerability is caused by improper validation of ‘key’ parameter in ‘/index.php’. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
More information can be found here.
Welcome any feedback or suggestion.
Cheers!
SecPod Research Team