cpe:/a:shopex:ecshop:2.7.2 CVE-2010-2042 2010-05-25T10:30:01.890-04:00 2010-05-26T00:00:00.000-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2010-05-26T11:53:00.000-04:00 EXPLOIT-DB 12702 SECUNIA 39930 BID 40338 MISC http://packetstormsecurity.org/1005-exploits/ecshopsearch-sql.txt SQL injection vulnerability in search.php in ECShop 2.7.2 allows remote attackers to execute arbitrary SQL commands via the encode parameter. NOTE: some of these details are obtained from third party information.