Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2007-6466

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2007-6466
Last Modified 05 Sep 2008 05:33:18
Published 19 Dec 2007 07:46:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2007-6466

Summary

Multiple SQL injection vulnerabilities in index.php in FreeWebshop 2.2.1 allow remote attackers to execute arbitrary SQL commands via (1) the prod parameter in a details action, (2) the cat parameter in a browse list action, or (3) the group parameter in a categories action. NOTE: it was later reported that MOG - Web Shop (MOG-WebShop), a product based on the same code, is also affected.

Vulnerable Systems

Application

  • Freewebshop 2.2.1


References

XF - mogwebshop-index-sql-injection(39143)

BID - 26886

MILW0RM - 4740

MILW0RM - 4739

MISC - http://newhack.org/advisories/FreeWebShop-2.2.1.txt

SREASON - 3468


Last Updated: 27 May 2016 10:46:31