PT-2006-4294 · Virtuastore · Virtuastore

Published

2006-07-06

Updated

2017-07-20

CVE-2006-3402

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions VirtuaStore version 2.0

Description The issue allows remote attackers to execute arbitrary SQL commands via the password parameter when logging in. This is achieved by exploiting a SQL injection vulnerability.

Recommendations For VirtuaStore version 2.0, consider restricting access to the login functionality until a patch is available, and avoid using the password parameter in a way that could facilitate SQL injection attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2006-3402

Affected Products

Virtuastore

PT-2006-4294 · Virtuastore · Virtuastore

CVE-2006-3402

Related Identifiers

Affected Products

References · 5