Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
shop-script vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2007-4932
admin.php in Shop-Script FREE 2.0 and previous versions sends a redirect to the web browser but does not exit when administrative credentials are missing, which allows remote malicious users to access the admin panel.
Shop-script Shop-script
1 EDB exploit
NA
CVE-2008-0158
Directory traversal vulnerability in index.php in Shop-Script 2.0 and possibly other versions allows remote malicious users to read arbitrary files via a .. (dot dot) in the aux_page parameter.
Shop-script Shop-script 2.0
1 EDB exploit
NA
CVE-2007-2331
PHP remote file inclusion vulnerability in cart.php in Shop-Script 2.0 allows remote malicious users to execute arbitrary PHP code via a URL in the lang_list parameter.
Shop-script Shop-script 2.0
NA
CVE-2009-2023
SQL injection vulnerability in index.php in Shop-Script Pro 2.12, when magic_quotes_gpc is disabled, allows remote malicious users to execute arbitrary SQL commands via the current_currency parameter.
Shop-script Shop-script 2.12
1 EDB exploit
NA
CVE-2007-4933
Direct static code injection vulnerability in includes/admin/sub/conf_appearence.php in Shop-Script FREE 2.0 and previous versions allows remote malicious users to inject arbitrary PHP code into cfg/appearence.inc.php via a save_appearence action in admin.php, as demonstrated wit...
Shop-script Shop-script 2.0
1 EDB exploit
NA
CVE-2010-1464
Multiple cross-site scripting (XSS) vulnerabilities in WebAsyst Shop-Script FREE allow remote malicious users to inject arbitrary web script or HTML via the (1) currency_id_left, (2) currency_id_right, (3) darkcolor, (4) lightcolor, (5) middlecolor, and (6) w parameters.
Webasyst Shop-script -
NA
CVE-2010-4859
SQL injection vulnerability in index.php in WebAsyst Shop-Script allows remote malicious users to execute arbitrary SQL commands via the blog_id parameter in a news action.
Webasyst Shop-script
NA
CVE-2006-5566
CRLF injection vulnerability in premium/index.php in Shop-Script allows remote malicious users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the (1) links_exchange, (2) news, (3) search_with_change_category_ability, (4) logging...
Webasyst Llc Shop-script
1 EDB exploit
NA
CVE-2010-1462
Directory traversal vulnerability in WebAsyst Shop-Script FREE has unknown impact and attack vectors via the sub parameter.
Webasyst Llc Shop-script
NA
CVE-2007-1855
Multiple PHP remote file inclusion vulnerabilities in smarty/smarty_class.php in Shop-Script FREE allow remote malicious users to execute arbitrary PHP code via a URL in the (1) _smarty_compile_path, (2) smarty_compile_path, (3) get_plugin_filepath, (4) smarty_dir, and (5) filena...
Webasyst Llc Shop-script
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »