Описание
Multiple SQL injection vulnerabilities in Shopweezle 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) itemID parameter to (a) login.php and (b) memo.php; and the (2) itemgr, (3) brandID, and (4) album parameters to (c) index.php. NOTE: this issue also produces resultant full path disclosure from invalid SQL queries.
Multiple SQL injection vulnerabilities in Shopweezle 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) itemID parameter to (a) login.php and (b) memo.php; and the (2) itemgr, (3) brandID, and (4) album parameters to (c) index.php. NOTE: this issue also produces resultant full path disclosure from invalid SQL queries.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2006-1706
- https://exchange.xforce.ibmcloud.com/vulnerabilities/25723
- https://exchange.xforce.ibmcloud.com/vulnerabilities/25724
- http://pridels0.blogspot.com/2006/04/shopweezle-20-multiple-vuln.html
- http://secunia.com/advisories/19593
- http://www.osvdb.org/24470
- http://www.osvdb.org/24471
- http://www.osvdb.org/24472
- http://www.osvdb.org/24473
- http://www.securityfocus.com/bid/17441
- http://www.vupen.com/english/advisories/2006/1291
EPSS
CVE ID
Связанные уязвимости
Multiple SQL injection vulnerabilities in Shopweezle 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) itemID parameter to (a) login.php and (b) memo.php; and the (2) itemgr, (3) brandID, and (4) album parameters to (c) index.php. NOTE: this issue also produces resultant full path disclosure from invalid SQL queries.
EPSS