Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-3594

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2008-3594
Last Modified 18 Mar 2009 01:40:48
Published 11 Aug 2008 07:41:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-3594

Summary

SQL injection vulnerability in viewdetails.php in MagicScripts E-Store Kit-1, E-Store Kit-2, E-Store Kit-1 Pro PayPal Edition, and E-Store Kit-2 PayPal Edition allows remote attackers to execute arbitrary SQL commands via the pid parameter.

Vulnerable Systems

Application

  • Magicscripts E-store Kit-1

  • Magicscripts E-store Kit-2


References

XF - estorekit-viewdetails-sql-injection(44159)

BID - 30524

MILW0RM - 6193

SREASON - 4139

SECUNIA - 31273


Last Updated: 27 May 2016 10:48:14