4 matches found
CVE-2007-1855
CVE-2007-1855 describes multiple PHP remote file inclusion vulnerabilities in Shop-Script FREE, specifically in smarty/smarty_class.php, enabling an attacker to execute arbitrary PHP code by supplying a URL to one of five parameters (_smarty_compile_path, smarty_compile_path, get_plugin_filepath,...
CVE-2010-1462
CVE-2010-1462 affects WebAsyst Shop-Script FREE and is a directory traversal vulnerability exploitable through the sub parameter. The known impact is described as unknown in the CVE entry; the NVD entry lists a base score of 10.0 (HIGH) with network attack vector and complete impact on confidenti...
CVE-2010-1463
CVE-2010-1463 concerns multiple SQL injection vulnerabilities in WebAsyst Shop-Script FREE. According to the NVD entry, an attacker can execute arbitrary SQL commands through a set of parameters: add2cart, c_id, categoryID, list_price, name, new_offer, price, product_code, productID, rating, and ...
CVE-2006-5566
CRLF injection vulnerability (CVE-2006-5566) in Shop-Script’s premium/index.php allows remote attackers to inject arbitrary HTTP headers and perform HTTP response splitting via CRLF sequences in the following parameters: links_exchange, news, search_with_change_category_ability, logging, feedback...