CVE-2007-0134
8.2 High
AI Score
Confidence
Low
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.086 Low
EPSS
Percentile
94.4%
Multiple eval injection vulnerabilities in iGeneric iG Shop 1.0 allow remote attackers to execute arbitrary code via the action parameter, which is supplied to an eval function call in (1) cart.php and (2) page.php. NOTE: a later report and CVE analysis indicate that the vulnerability is present in 1.4.
| CPE | Name | Operator | Version |
|---|---|---|---|
| igeneric:ig_shop | igeneric ig shop | eq | 1.4 |
| igeneric:ig_shop | igeneric ig shop | eq | 1.0 |
References
osvdb.org/33387
osvdb.org/33388
packetstormsecurity.nl/0701-exploits/igshop10-multiple.txt
secunia.com/advisories/23604
www.attrition.org/pipermail/vim/2007-June/001664.html
www.securityfocus.com/archive/1/456043/100/0/threaded
www.securityfocus.com/archive/1/471722/100/0/threaded
www.securityfocus.com/bid/21875
www.vupen.com/english/advisories/2007/0056
exchange.xforce.ibmcloud.com/vulnerabilities/31301
www.exploit-db.com/exploits/3083
8.2 High
AI Score
Confidence
Low
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.086 Low
EPSS
Percentile
94.4%