PCI error: Potentially Exploitable Database Error Message -- links_alias table

[srigari]

I am using 1.3.8a with installed the security patch.
I ran McAfee PCI test on the site. It reported a "Potentially Exploitable Database Error Message" error.

Details:

http ://www.salevalley.com/ad_click.asp/banner_id//'

error msg on the site

1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '/%' ) ORDER BY length(link_alias) DESC' at line 1
in:
[SELECT DISTINCT link_url, link_alias FROM links_aliases WHERE (link_alias LIKE '%/ad_click.asp/%' OR link_alias LIKE '%/banner_id/%' OR link_alias LIKE '%//%' OR link_alias LIKE '%/'/%' ) ORDER BY length(link_alias) DESC]

Please help me to solve this.

[Merlinpa1969]

Please do a search for this
this is a false positive

[srigari]

I checked on other Zencart sites. I see "404 page not found" So the problem is specific to my site. One more thing I see is my site is not going to "404" at all, if I give a random text after the domain name , instead it is going to my home page.

[Kim]

What SEO add on are you using?

[srigari]

I checked on other Zencart sites. I see "404 page not found" So the problem is specific to my site. One more thing I see is my site is not going to "404" at all, if I give a random text after the domain name , instead it is going to my home page.

[srigari]

What SEO add on are you using?

I am using Simple SSU URL module. I checked other sites which are using the same module and I do not see this problem..

Looks like something I did somewhere is causing this problem.

The heading of this post "-- links_alias table" is a cut and paste problem. which I just removed. It should be just "Re: PCI error: Potentially Exploitable Database Error Message " This is how it is shown in McAfee error report. Sorry for the confusion.