2 matches found
CVE-2008-2114
The CVE-2008-2114 entry describes a SQL injection vulnerability in emall/search.php of Pre Shopping Mall 1.1, where the search parameter can be exploited by remote attackers to execute arbitrary SQL commands. The issue stems from improper handling/sanitization of user input in the search paramete...
CVE-2008-6232
The CVE-2008-6232 entry concerns Pre Shopping Mall, where remote attackers can bypass authentication and gain administrative access by manipulating cookies (adminname and adminid set to “admin”). The description specifies the vulnerable component is the authentication mechanism that trusts these ...