RSS   Vulnerabilities for 'Shopweezle'   RSS



index.php in Shopweezle 2.0 allows remote attackers to include arbitrary local files via the url parameter.



Multiple SQL injection vulnerabilities in Shopweezle 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) itemID parameter to (a) login.php and (b) memo.php; and the (2) itemgr, (3) brandID, and (4) album parameters to (c) index.php. NOTE: this issue also produces resultant full path disclosure from invalid SQL queries.


Copyright 2019,


Back to Top