PT-2007-5323 · E Commerce Scripts · Multi-Vendor E-Shop Script+2

Published

2007-08-01

Updated

2018-10-15

CVE-2007-4121

CVSS v2.0

High

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions E-Commerce Scripts Shopping Cart Script (affected versions not specified) Multi-Vendor E-Shop Script (affected versions not specified) Auction Script (affected versions not specified)

Description The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the EmailAdd (Username) and Pass (password) parameters in the "admin.aspx" page.

Recommendations For E-Commerce Scripts Shopping Cart Script, restrict access to the admin.aspx page until a fix is available. For Multi-Vendor E-Shop Script, avoid using the EmailAdd and Pass parameters in the affected page until the issue is resolved. For Auction Script, consider disabling the admin.aspx page as a temporary workaround until a patch is available.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2007-4121

Affected Products

Auction Script

E-Commerce Scripts Shopping Cart Script

Multi-Vendor E-Shop Script

PT-2007-5323 · E Commerce Scripts · Multi-Vendor E-Shop Script+2

CVE-2007-4121

Related Identifiers

Affected Products

References · 7