2 matches found
CVE-2008-1907
Multiple SQL injection vulnerabilities in functions/displaypage.func.php in cpCommerce 1.1.0 allow remote attackers to execute arbitrary SQL commands via the 1 idproduct, 2 idmanufacturer, and 3 idcategory parameters to unspecified components. NOTE: this probably overlaps CVE-2007-2959 and...
CVE-2007-2890
cpCommerce vulnerable to SQL injection in category.php (versions 1.1.0 and earlier). The flaw allows remote attackers to inject SQL via the id_category parameter, enabling arbitrary SQL execution. Documents do not specify the root cause details, affected software versions beyond 1.1.0, exploitabl...