Lumension® Endpoint Intelligence Center



Vulnerability Score 7.5
CVE Id CVE-2008-0738
Last Modified 20 Aug 2009 01:13:16
Published 12 Feb 2008 08:00:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE



Multiple SQL injection vulnerabilities in CandyPress (CP), and earlier 4.1.x versions, allow remote attackers to execute arbitrary SQL commands via the (1) idcust parameter to (a) ajax_getTiers.asp and (b) ajax_getCust.asp in ajax/, and the (2) tableName parameter to (c) ajax/ajax_tableFields.asp. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Vulnerable Systems


  • Shoppingtree Candypress Store 4.1

  • Shoppingtree Candypress Store


VUPEN - ADV-2008-0314


SECUNIA - 28662

Last Updated: 27 May 2016 10:46:54