SQL injection vulnerability in search_results.php in E-Php Scripts E-Shop (aka E-Php Shopping Cart) Shopping Cart Script allows remote attackers to execute arbitrary SQL commands via the cid parameter.
References
Link | Resource |
---|---|
http://secunia.com/advisories/31506 | Vendor Advisory |
http://www.securityfocus.com/bid/30692 | Exploit |
http://www.securityfocus.com/bid/31319 | Exploit |
http://www.vupen.com/english/advisories/2008/2507 | Vendor Advisory |
https://exchange.xforce.ibmcloud.com/vulnerabilities/44472 | |
https://www.exploit-db.com/exploits/6398 |
Configurations
History
No history.
Information
Published : 2009-01-05 16:30
Updated : 2024-02-28 11:21
NVD link : CVE-2008-5838
Mitre link : CVE-2008-5838
CVE.ORG link : CVE-2008-5838
JSON object : View
Products Affected
ephpscripts
- e-shop_shopping_cart
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')