PT-2008-2127 · Bigware · Bigware Shop

D4M14N

Published

2008-01-30

Updated

2017-09-29

CVE-2008-0498

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Bigware Shop version 2.0

Description The issue allows remote attackers to execute arbitrary SQL commands. This is achieved by exploiting the pollid parameter in a results action to the "main bigware 53.php" endpoint.

Recommendations For Bigware Shop version 2.0, avoid using the pollid parameter in the "main bigware 53.php" endpoint until the issue is resolved. As a temporary workaround, consider restricting access to the "main bigware 53.tpl.php" template to minimize the risk of exploitation.

Exploit

Fix

RCE

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89

Related Identifiers

CVE-2008-0498

Affected Products

Bigware Shop

PT-2008-2127 · Bigware · Bigware Shop

CVE-2008-0498

Weakness Enumeration

Related Identifiers

Affected Products

References · 7