Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 7.5
CVE Id CVE-2008-3768
Last Modified 29 Jan 2009 01:54:22
Published 22 Aug 2008 12:41:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-3768

Summary

Multiple SQL injection vulnerabilities in class.ajax.php in Turnkey Web Tools SunShop Shopping Cart before 4.1.5 allow remote attackers to execute arbitrary SQL commands via (1) the id parameter in an edit_registry action to index.php, (2) a vector involving the check_email function, and other vectors.

Vulnerable Systems

Application

  • Turnkeywebtools Sunshop Shopping Cart 4.0.0

  • Turnkeywebtools Sunshop Shopping Cart 4.0.1

  • Turnkeywebtools Sunshop Shopping Cart 4.0.2

  • Turnkeywebtools Sunshop Shopping Cart 4.0.3

  • Turnkeywebtools Sunshop Shopping Cart 4.0.4

  • Turnkeywebtools Sunshop Shopping Cart 4.0.5

  • Turnkeywebtools Sunshop Shopping Cart 4.0.6

  • Turnkeywebtools Sunshop Shopping Cart 4.0.7

  • Turnkeywebtools Sunshop Shopping Cart 4.0.8

  • Turnkeywebtools Sunshop Shopping Cart 4.0.9

  • Turnkeywebtools Sunshop Shopping Cart 4.1.0

  • Turnkeywebtools Sunshop Shopping Cart 4.1.1

  • Turnkeywebtools Sunshop Shopping Cart 4.1.2

  • Turnkeywebtools Sunshop Shopping Cart 4.1.3

  • Turnkeywebtools Sunshop Shopping Cart 4.1.4


References

SECUNIA - 31539

XF - sunshopshoppingcart-classajax-sql-injection(44553)

BID - 30751

BUGTRAQ - 20080818 SunShop <= 4.1.4 SQL Injection

MILW0RM - 6273

MISC - http://www.gulftech.org/?node=research&article_id=00125-08182008

SREASON - 4180

CONFIRM - http://demos.turnkeywebtools.com/ss4/docs/change_log.txt


Last Updated: 27 May 2016 10:48:18