RSS   Vulnerabilities for 'A-shop'   RSS

2007-07-20
 
CVE-2007-3937

 

 
Multiple SQL injection vulnerabilities in A-shop 0.70 and earlier allow remote attackers to execute arbitrary SQL commands via unspecified vectors.

 
 
CVE-2007-3936

 

 
Directory traversal vulnerability in admin/filebrowser.asp in A-shop 0.70 and earlier, and possibly 0.71, allows remote attackers to delete arbitrary files via unspecified filename references in the delfiles parameter.

 


Copyright 2024, cxsecurity.com

 

Back to Top