CyberSec.Space Logo
Back to CVE Browser

CVE-2006-5772

HIGH
7.5
CVSS Severity Score
EPSS Score0.0010%
EPSS Percentile5.46th
PublishedNov 6, 2006
Last ModifiedApr 23, 2026

Vulnerability Description

Multiple SQL injection vulnerabilities in index.php in FreeWebshop 2.2.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) password and (2) prod parameter.

Affected Platforms (CPE)

πŸ“¦
Freewebshop

Freewebshop

<= 2.2.1

References & Advisories

πŸ”— http://secunia.com/advisories/22664
πŸ”— http://www.freewebshop.org/index.php?id=27
πŸ”— http://www.vupen.com/english/advisories/2006/4332
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/29990
πŸ”— https://www.exploit-db.com/exploits/2704
πŸ”— http://secunia.com/advisories/22664
πŸ”— http://www.freewebshop.org/index.php?id=27
πŸ”— http://www.vupen.com/english/advisories/2006/4332

Related Vulnerabilities

CVE-2007-05317.5

PHP remote file inclusion vulnerability in includes/login.php in FreeWebShop 2.2.3 and 2.2.4 before 20070123 allows remote attacke...

CVE-2007-64667.5

Multiple SQL injection vulnerabilities in index.php in FreeWebshop 2.2.1 allow remote attackers to execute arbitrary SQL commands ...

CVE-2006-58466.4

Directory traversal vulnerability in index.php in FreeWebshop 2.2.2 and earlier allows remote attackers to read and include arbitr...

CVE-2006-58476.1

Cross-site scripting (XSS) vulnerability in index.php in FreeWebshop 2.2.2 and earlier allows remote attackers to inject arbitrary...