CVE-2009-4571

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2009-4571
Multiple SQL injection vulnerabilities in index.php in PhpShop 0.8.1 allow remote attackers to execute arbitrary SQL commands via the (1) module_id parameter in an admin/function_list action, the (2) vendor_id parameter in a vendor/vendor_form action, the (3) module_id parameter in an admin/module_form action, the (4) user_id parameter in an admin/user_form action, the (5) vendor_category_id parameter in a vendor/vendor_category_form action, the (6) user_id parameter in a store/user_form action, the (7) payment_method_id parameter in a store/payment_method_form action, the (8) tax_rate_id parameter in a tax/tax_form action, or the (9) category parameter in a shop/browse action. NOTE: the product_id vector is already covered by CVE-2008-0681.

7.5 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References
Link Resource
http://secunia.com/advisories/31948 Vendor Advisory
http://www.andreafabrizi.it/?exploits:phpshop Exploit
http://www.securityfocus.com/archive/1/508270/100/0/threaded
http://www.securityfocus.com/bid/37227 Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/54584
http://secunia.com/advisories/31948 Vendor Advisory
http://www.andreafabrizi.it/?exploits:phpshop Exploit
http://www.securityfocus.com/archive/1/508270/100/0/threaded
http://www.securityfocus.com/bid/37227 Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/54584
Configurations

Configuration 1 (hide)

cpe:2.3:a:phpshop:phpshop:0.8.1:*:*:*:*:*:*:*
History

21 Nov 2024, 01:09

Type Values Removed Values Added
References () http://secunia.com/advisories/31948 - Vendor Advisory () http://secunia.com/advisories/31948 - Vendor Advisory
References () http://www.andreafabrizi.it/?exploits:phpshop - Exploit () http://www.andreafabrizi.it/?exploits:phpshop - Exploit
References () http://www.securityfocus.com/archive/1/508270/100/0/threaded - () http://www.securityfocus.com/archive/1/508270/100/0/threaded -
References () http://www.securityfocus.com/bid/37227 - Exploit () http://www.securityfocus.com/bid/37227 - Exploit
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/54584 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/54584 -
Information

Published : 2010-01-05 19:00

Updated : 2024-11-21 01:09

NVD link : CVE-2009-4571

Mitre link : CVE-2009-4571

CVE.ORG link : CVE-2009-4571

JSON object : View

Products Affected

phpshop

  • phpshop
CWE
CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')


NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024