PT-2002-2881 · 123Tkshop · 123Tkshop
Published
2002-12-31
·
Updated
2008-09-05
·
CVE-2002-2168
CVSS v2.0
7.5
High
| Vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions:
123tkShop versions prior to 0.3.1
Description:
A SQL injection issue allows remote attackers to execute arbitrary SQL queries. This is possible via various programs, including the function describe item1.inc.php file.
Recommendations:
For versions prior to 0.3.1, update to version 0.3.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the function describe item1.inc.php file until the update is applied.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
123Tkshop