PT-2007-3851 · Minh Nguyen Duong Obie · Minh Nguyen Duong Obie Website Mini Web Shop 2

Published

2007-05-09

Updated

2018-10-16

CVE-2007-2532

CVSS v2.0

4.3

Medium

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions Minh Nguyen Duong Obie Website Mini Web Shop 2 (affected versions not specified)

Description The issue allows remote attackers to inject arbitrary web script or HTML via the PATH INFO (query string) to specific PHP files, including sendmail.php and order form.php. This can be achieved through different vectors.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2007-2532

Affected Products

Minh Nguyen Duong Obie Website Mini Web Shop 2

PT-2007-3851 · Minh Nguyen Duong Obie · Minh Nguyen Duong Obie Website Mini Web Shop 2

CVE-2007-2532

Related Identifiers

Affected Products

References · 9