CVE-2009-4571

Published: 05/01/2010 Updated: 10/10/2018
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 760
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

Multiple SQL injection vulnerabilities in index.php in PhpShop 0.8.1 allow remote malicious users to execute arbitrary SQL commands via the (1) module_id parameter in an admin/function_list action, the (2) vendor_id parameter in a vendor/vendor_form action, the (3) module_id parameter in an admin/module_form action, the (4) user_id parameter in an admin/user_form action, the (5) vendor_category_id parameter in a vendor/vendor_category_form action, the (6) user_id parameter in a store/user_form action, the (7) payment_method_id parameter in a store/payment_method_form action, the (8) tax_rate_id parameter in a tax/tax_form action, or the (9) category parameter in a shop/browse action. NOTE: the product_id vector is already covered by CVE-2008-0681.
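A defender-side check for the nine vectors listed above, as an added example that is not part of the original advisory or of PhpShop: it scans web access log lines for requests to the listed page actions where the named parameter holds an unexpected value. It assumes the *_id parameters are plain integers, that category is a short slug, and that logs are in combined format; the sample log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# (page action -> parameter) pairs named in the CVE-2009-4571 summary.
VECTORS = {
    "admin/function_list": "module_id",
    "vendor/vendor_form": "vendor_id",
    "admin/module_form": "module_id",
    "admin/user_form": "user_id",
    "vendor/vendor_category_form": "vendor_category_id",
    "store/user_form": "user_id",
    "store/payment_method_form": "payment_method_id",
    "tax/tax_form": "tax_rate_id",
    "shop/browse": "category",
}
# Assumption: *_id values are plain integers and category is a short slug.
ID_OK = re.compile(r"\d{1,10}")
SLUG_OK = re.compile(r"[A-Za-z0-9_-]{1,64}")
# Request target inside a combined-format access log line.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def suspicious(line):
    """Return (page, param, value) when a listed vector carries an unexpected value."""
    m = REQUEST.search(line)
    if not m:
        return None
    # parse_qs percent-decodes values, so encoded quotes are seen as quotes.
    query = parse_qs(urlsplit(m.group(1)).query, keep_blank_values=True)
    page = query.get("page", [""])[0]
    param = VECTORS.get(page)
    if param is None:
        return None
    ok = SLUG_OK if param == "category" else ID_OK
    for value in query.get(param, []):
        if not ok.fullmatch(value):
            return (page, param, value)
    return None

def scan(lines):
    """Collect every suspicious hit from an iterable of log lines."""
    return [hit for hit in map(suspicious, lines) if hit]

# Constructed sample log lines (not taken from a real server).
SAMPLE = [
    '198.51.100.7 - - [05/Jan/2010:10:00:01 +0000] "GET /phpshop/?page=admin/user_form&user_id=7 HTTP/1.1" 200 512',
    '198.51.100.9 - - [05/Jan/2010:10:00:05 +0000] "GET /phpshop/?page=tax/tax_form&tax_rate_id=3%27 HTTP/1.1" 200 498',
    '198.51.100.9 - - [05/Jan/2010:10:00:09 +0000] "GET /phpshop/?page=shop/cart&product_id=1 HTTP/1.1" 200 300',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE):
        print(hit)
```

Parameters sent in a POST body do not appear in access logs, so this only covers values passed in the query string.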

Vulnerable Product

phpshop phpshop 0.8.1

Exploits

# Exploit Title : phpshop 20 SQL Injection Vulnerability
# Author : By onestree
# Software Link : code.google.com/p/phpshop/downloads/list
# tested : windows 7 / ubuntu
# Dork : inurl:"tanyakan pada rumput yang bergoyang"
SQLi p0c:
==================
localhost/phpshop 20/?page=admin/function_list&modul ...

**************************************************************
Vendor: www.phpshop.org/
Discovered By: Andrea Fabrizi
Email: andreafabrizi@gmail.com
Web: www.andreafabrizi.it
**************************************************************
### SQL INJECTION
server/phpshop-081/?page=admin/function_list&module_id=111111' u ...