Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 7.5
CVE Id CVE-2008-3412
Last Modified 29 Jan 2009 01:53:23
Published 31 Jul 2008 01:41:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-3412

Summary

SQL injection vulnerability in Comsenz EPShop (aka ECShop) before 3.0 allows remote attackers to execute arbitrary SQL commands via the pid parameter in a (1) pro_show or (2) disppro action to the default URI.

Vulnerable Systems

Application

  • Ecshop Epshop 2.0.0
  • Ecshop Epshop 2.0.1
  • Ecshop Epshop 2.0.2
  • Ecshop Epshop 2.0.3
  • Ecshop Epshop 2.0.5
  • Ecshop Epshop 2.1.0
  • Ecshop Epshop 2.1.1
  • Ecshop Epshop 2.1.2
  • Ecshop Epshop 2.1.5

References

XF - epshop-pid-sql-injection(44025)

BID - 30387

MILW0RM - 6139

SREASON - 4090


Last Updated: 27 May 2016 10:48:12