Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 10.0
CVE Id CVE-2007-4121
Last Modified 05 Sep 2008 05:27:27
Published 01 Aug 2007 12:17:00
Confidentiality Impact COMPLETE
Integrity Impact COMPLETE
Availability Impact COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2007-4121

Summary

Multiple SQL injection vulnerabilities in admin.aspx in E-Commerce Scripts Shopping Cart Script, Multi-Vendor E-Shop Script, and Auction Script allow remote attackers to execute arbitrary SQL commands via the (1) EmailAdd (Username) and (2) Pass (password) parameters. NOTE: some of these details are obtained from third party information.

Vulnerable Systems

Application

  • E-commerce Solutions Auction Script

  • E-commerce Solutions Multi-vendor E-shop Script

  • E-commerce Solutions Shopping Cart Script


References

XF - ecommerce-admin-sql-injection(35680)

BID - 25125

BUGTRAQ - 20070728 E-commerceScripts ALL Apps (Auction Script, Shopping Cart Script and Multi-Vendor E-Shop Script) admin.aspx SQL

SECUNIA - 26277

MISC - http://outlaw.aria-security.info/?p=11

SREASON - 2944


Last Updated: 27 May 2016 10:45:46