CVE-2007-0134
Date: (C)2007-01-09   (M)2023-12-22


Multiple eval injection vulnerabilities in iGeneric iG Shop 1.0 allow remote attackers to execute arbitrary code via the action parameter, which is supplied to an eval function call in (1) cart.php and (2) page.php. NOTE: a later report and CVE analysis indicate that the vulnerability is present in 1.4.

CVSS Score and Metrics

CVSS V2 Severity:
CVSS Score : 7.5
Exploit Score: 10.0
Impact Score: 6.4
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
http://www.securityfocus.com/archive/1/456043/100/0/threaded
http://www.attrition.org/pipermail/vim/2007-June/001664.html
http://www.securityfocus.com/archive/1/471722/100/0/threaded
BID-21875
SECUNIA-23604
EXPLOIT-DB-3083
OSVDB-33387
OSVDB-33388
ADV-2007-0056
http://packetstormsecurity.nl/0701-exploits/igshop10-multiple.txt
igshop-cartpage-code-execution(31301)

CWE
CWE-94

© SecPod Technologies