PT-2010-3661 · Ecshop · Ecshop
Jannock
·
Published
2010-05-25
·
Updated
2010-05-26
·
CVE-2010-2042
CVSS v2.0
7.5
High
| Vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
ECShop version 2.7.2
Description
A SQL injection issue allows remote attackers to execute arbitrary SQL commands. This is achieved by manipulating the encode parameter in the "search.php" endpoint.
Recommendations
For ECShop version 2.7.2, update the software to a version that fixes this issue or restrict access to the "search.php" endpoint to minimize the risk of exploitation. As a temporary workaround, consider validating and sanitizing the encode parameter to prevent malicious input.
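As an added defensive example that is not part of this advisory or of ECShop's own code, the Python below scans constructed web-server access-log lines for requests to search.php whose encode parameter, read literally or after base64 decoding (an assumption about the parameter's format that the advisory does not state), carries SQL injection indicators:

```python
import base64
import binascii
import re
from urllib.parse import parse_qs, unquote

# Indicators of SQL injection attempts; deliberately narrow to limit false positives.
SQLI_RE = re.compile(
    r"\bunion\s+(?:all\s+)?select\b|\bor\s+1\s*=\s*1|--|/\*|\bsleep\s*\(|\bbenchmark\s*\(",
    re.IGNORECASE,
)
# Common Log Format: client, ident, user, [timestamp], "METHOD target HTTP/x", status
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(?:GET|POST) (\S+) HTTP/[\d.]+" (\d{3})')


def decode_candidates(value: str) -> list[str]:
    """Plausible plaintext forms of the encode value: raw, base64-decoded, URL-decoded."""
    forms = [value]
    try:
        raw = base64.b64decode(value + "=" * (-len(value) % 4), validate=True)
        decoded = raw.decode("utf-8", errors="replace")
        forms += [decoded, unquote(decoded)]
    except binascii.Error:
        pass  # not base64; the literal value is still inspected
    return forms


def suspicious_encode_requests(log_text: str) -> list[dict]:
    """Return one record per search.php request whose encode parameter looks like SQLi."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        client, ts, target, status = m.groups()
        path, _, query = target.partition("?")
        if not path.endswith("/search.php"):
            continue
        for value in parse_qs(query).get("encode", []):  # parse_qs already URL-decodes
            for form in decode_candidates(value):
                if SQLI_RE.search(form):
                    hits.append({"client": client, "time": ts, "status": int(status), "decoded": form})
                    break
    return hits


def _b64(s: str) -> str:
    return base64.b64encode(s.encode()).decode()


# Constructed sample log lines (documentation addresses, not real traffic).
INJ = "brand=1' union select 1,2"
SAMPLE_LOG = "\n".join([
    '203.0.113.5 - - [25/May/2010:10:00:01 +0000] "GET /search.php?keywords=shoes HTTP/1.1" 200 5120',
    f'203.0.113.5 - - [25/May/2010:10:00:02 +0000] "GET /search.php?encode={_b64("brand=1&category=2")} HTTP/1.1" 200 5120',
    f'198.51.100.9 - - [25/May/2010:10:00:03 +0000] "GET /search.php?encode={_b64(INJ)} HTTP/1.1" 200 9001',
    '198.51.100.9 - - [25/May/2010:10:00:04 +0000] "GET /search.php?encode=%27%20or%201%3D1-- HTTP/1.1" 500 300',
])
```

Benign base64 traffic to search.php is left alone, while both the base64-wrapped and the plain URL-encoded injection attempts are reported with their decoded form.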
RCE
SQL injection
Affected Products
Ecshop