Spiked

Name of the Vulnerable Software and Affected Versions: FreeWebshop versions 2.2.2 and earlier Description: The issue allows remote attackers to obtain sensitive information via an invalid `action` parameter in an `info` operation. This is achieved by exploiting the `index.php` file, which discloses the path in an error message. Recommendations: For FreeWebshop versions 2.2.2 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: FreeWebshop versions 2.2.1 and earlier Description: The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `password` and `prod` parameters in the "index.php" endpoint. Recommendations: For FreeWebshop versions 2.2.1 and earlier, update to a version later than 2.2.1 to resolve the issue.

Name of the Vulnerable Software and Affected Versions: FreeWebshop versions 2.2.1 and earlier Description: A directory traversal issue in index.php allows remote attackers to read arbitrary files and disclose the installation path by using a .. (dot dot) in the `action` parameter. Recommendations: For FreeWebshop versions 2.2.1 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.