2 matches found
Sql injection
SQL injection vulnerability in index.php in TurnkeyWebTools SunShop Shopping Cart 4.0 RC 6 allows remote attackers to execute arbitrary SQL commands via the scid parameter in a searchlist action, a different vector than CVE-2007-2549...
CVE-2007-2549
CVE-2007-2549 affects TurnKeyWebTools SunShop Shopping Cart 4.0. SQL injection in index.php via the (1) c or (2) quantity parameter allows remote attackers to execute arbitrary SQL commands. Root cause is unsanitized input in index.php that enables SQL commands to reach the database. The connecte...