CVE-2007-6466

Published: 20/12/2007 Updated: 29/09/2017

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

VMScore: 760

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Multiple SQL injection vulnerabilities in index.php in FreeWebshop 2.2.1 allow remote malicious users to execute arbitrary SQL commands via (1) the prod parameter in a details action, (2) the cat parameter in a browse list action, or (3) the group parameter in a categories action. NOTE: it was later reported that MOG - Web Shop (MOG-WebShop), a product based on the same code, is also affected.

Vulnerable Product	Search on Vulmon	Subscribe to Product
freewebshop freewebshop 2.2.1

#!/usr/bin/perl # # Indonesian Newhack Security Advisory # ------------------------------------ # MOG-WebShop => ? - Multiple Remote SQL Injection Vulnerabilities # Waktu : Dec 15 2007 11:45AM # Software : MOG-WebShop | mog-sitecom/indexphp?act=product&po=detil&id=3 # Vendor : mog-sitecom/ ...

#!/usr/bin/perl # # Indonesian Newhack Security Advisory # ------------------------------------ # FreeWebshop version 221 - Multiple Remote SQL Injection Vulnerabilities # Waktu : Dec 16 2007 01:50AM # Software : FreeWebshop version 221 # Vendor : wwwfreewebshoporg/ # Demo Site : wwwfreewebshoporg/demo/ # Ditemukan ol ...

CWE-89 http://newhack.org/advisories/FreeWebShop-2.2.1.txt http://www.securityfocus.com/bid/26886 http://securityreason.com/securityalert/3468 https://exchange.xforce.ibmcloud.com/vulnerabilities/39143 https://www.exploit-db.com/exploits/4740 https://www.exploit-db.com/exploits/4739 https://nvd.nist.gov https://www.exploit-db.com/exploits/4739/

CVE-2007-6466

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect