2 matches found
Sql injection
Multiple SQL injection vulnerabilities in index.php in PhpShop 0.8.1 allow remote attackers to execute arbitrary SQL commands via the 1 moduleid parameter in an admin/functionlist action, the 2 vendorid parameter in a vendor/vendorform action, the 3 moduleid parameter in an admin/moduleform actio...
CVE-2008-0681
CVE-2008-0681 affects PHPShop 0.8.1, where the index.php product_id parameter in the shop/flypage action is not properly sanitized, enabling SQL injection. A remote attacker could issue arbitrary queries to control the database, with exploit feasibility depending on php.ini setting: if magic_quot...