Published: 12/02/2008 Updated: 15/10/2018

CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6

VMScore: 690

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

SQL injection vulnerability in index.php in PHPShop 0.8.1 allows remote malicious users to execute arbitrary SQL commands via the product_id parameter, as demonstrated by a shop/flypage action.

Vulnerable Product	Search on Vulmon	Subscribe to Product
phpshop phpshop 0.8.1

# Exploit Title : phpshop 20 SQL Injection Vulnerability # Author : By onestree # Software Link : codegooglecom/p/phpshop/downloads/list # tested : windows 7 / ubuntu # Dork : inurl:"tanyakan pada rumput yang bergoyang" SQLi p0c: ================== localhost/phpshop 20/?page=admin/function_list&modul ...

Vendor : PHPShop Webiste : wwwphpshoporg Version : v081 Author: the redc0ders / theredc0ders[at]gmail[dot]com Condition: magic_quote_gpc = off , in phpini setting Details : ========== Vulnerable Code in indexphp near lines 98 - 128 [code] // basic SQL inject detection $my_insecure_array = array('keyword' => $_REQUEST['ke ...

CWE-89 http://www.securityfocus.com/bid/27570 http://securityreason.com/securityalert/3628 https://www.exploit-db.com/exploits/5041 http://www.securityfocus.com/archive/1/487435/100/0/threaded https://nvd.nist.gov https://www.exploit-db.com/exploits/24108/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2008-0681

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect