14 matches found
EUVD-2006-7152
Malware in sbrugna...
EUVD-2006-7153
Malware in sbrugna...
Mega Mall product_review.php Multiple Parameter SQL Injection
No description provided by source. source: http://www.securityfocus.com/bid/21072/info Megamail is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting these issues could allow an attacker to...
CVE-2006-7171
productreview.php in Koan Software Mega Mall allows remote attackers to obtain the installation path via a request with an empty value of the x parameter...
CVE-2006-7170
Multiple SQL injection vulnerabilities in Koan Software Mega Mall allow remote attackers to execute arbitrary SQL commands via the 1 t, 2 productId, 3 sk, 4 x, or 5 so parameter to a productreview.php; or the 6 orderNo parameter to b order-track.php...
CVE-2006-7170
Multiple SQL injection vulnerabilities in Koan Software Mega Mall allow remote attackers to execute arbitrary SQL commands via the 1 t, 2 productId, 3 sk, 4 x, or 5 so parameter to a productreview.php; or the 6 orderNo parameter to b order-track.php...
CVE-2006-7171
productreview.php in Koan Software Mega Mall allows remote attackers to obtain the installation path via a request with an empty value of the x parameter...
CVE-2006-7171
CVE-2006-7171 affects Koan Software Mega Mall. The vulnerability occurs in product_review.php, where remote attackers can cause disclosure of the installation path by sending a request with an empty value for the x[] parameter. The provided documents do not specify affected versions, root cause d...
CVE-2006-7170
CVE-2006-7170 describes multiple SQL injection vulnerabilities in Koan Software Mega Mall. The affected components are the PHP scripts (a) product_review.php via parameters t, productId, sk, x, or so, and (b) order-track.php via parameter orderNo. The root cause is unsafely concatenated SQL in th...
megamallSQL.txt
vendor site: http://products.kaonsoftwares.com/ product: mega-mall bug:injection sql & full path disclosure language: asp risk: high injection sql get: http://site.com/mega-mall/productreview.php?t=sql http://site.com/mega-mall/productreview.php?t=0&productId=sql...
Mega Mall [ multiples injection sql & full path disclosure ]
vendor site: http://products.kaonsoftwares.com/ product: mega-mall bug:injection sql & full path disclosure language: asp risk: high injection sql get: http://site.com/mega-mall/productreview.php?t=sql http://site.com/mega-mall/productreview.php?t=0&productId=sql...
Mega Mall - order-track.php?orderNo SQL Injection
Mega Mall - order-track.php?orderNo SQL Injection source: https://www.securityfocus.com/bid/21072/info Megamail is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting these issues could allow an...
Mega Mall - 'product_review.php' Multiple SQL Injections
source: https://www.securityfocus.com/bid/21072/info Megamail is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting these issues could allow an attacker to compromise the application, access or...
Mega Mall - 'order-track.php?orderNo' SQL Injection
source: https://www.securityfocus.com/bid/21072/info Megamail is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting these issues could allow an attacker to compromise the application, access or...