PT-2010-3661 · Ecshop · Ecshop
Jannock · Published 2010-05-25 · Updated 2010-05-26 · CVE-2010-2042
CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
ECShop version 2.7.2
Description
A SQL injection issue allows remote attackers to execute arbitrary SQL commands. This is achieved by manipulating the "encode" parameter in the "search.php" endpoint.
Recommendations
For ECShop version 2.7.2, update the software to a version that fixes this issue or restrict access to the "search.php" endpoint to minimize the risk of exploitation. As a temporary workaround, consider validating and sanitizing the "encode" parameter to prevent malicious input.
Exploit
Fix
RCE
SQL injection
Weakness Enumeration
Related identifiers
Affected products
Ecshop