RSS   Vulnerabilities for 'Shibby shop'   RSS

2008-06-26
 
CVE-2008-2882

CWE-264
 

 
upgrade.asp in sHibby sHop 2.2 and earlier does not require administrative authentication, which allows remote attackers to update a file or have unspecified other impact via a direct request.

 
 
CVE-2008-2873

CWE-264
 

 
sHibby sHop 2.2 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request to Db/urun.mdb.

 
 
CVE-2008-2872

CWE-89
 

 
SQL injection vulnerability in default.asp in sHibby sHop 2.2 and earlier allows remote attackers to execute arbitrary SQL commands via the sayfa parameter.

 

 >>> Vendor: Aspindir 24 Products
Xweblog
Aspee ziyaretci defteri
Hazirsite
Philboard
Husrevforum
Dersimiz haber ekleme modulu
Text file search
Angelo-emlak
Meto forum
Shibby shop
Pcshey portal
Mini nuke freehost
Munzursoft web portal w3
Ayco okul portali
Dizi portali
Iltaweb alisveris sistemi
Batmanportal
Shader tv
Mydesign sayac
Uranyumsoft listing service
Erolife ajxgaleri vt
Lookmer muzik portal
Krm haber
Kisisel radyo script


Copyright 2024, cxsecurity.com

 

Back to Top