CyberSec.Space Logo
Back to CVE Browser

CVE-2007-3447

MEDIUM
6.8
CVSS Severity Score
EPSS Score0.0100%
EPSS Percentile25.47th
PublishedJun 27, 2007
Last ModifiedApr 23, 2026

Vulnerability Description

SQL injection vulnerability in BugMall Shopping Cart 2.5 and earlier allows remote attackers to execute arbitrary SQL commands via the "basic search box." NOTE: 4.0.2 and other versions might also be affected.

Affected Platforms (CPE)

πŸ“¦
Bugmall

Shopping Cart

All versions
πŸ“¦
Bugmall

Shopping Cart

= 2.5

References & Advisories

πŸ”— http://osvdb.org/38223
πŸ”— http://secunia.com/advisories/25836
πŸ”— http://www.h4cky0u.org/viewtopic.php?t=26834
πŸ”— http://www.securityfocus.com/bid/24629
πŸ”— http://www.vupen.com/english/advisories/2007/2322
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/35039
πŸ”— https://www.exploit-db.com/exploits/4103
πŸ”— http://osvdb.org/38223

Related Vulnerabilities

CVE-2004-034810.0

SQL injection vulnerability in viewCart.asp in SpiderSales shopping cart software allows remote attackers to execute arbitrary SQL...

CVE-2007-412110.0

Multiple SQL injection vulnerabilities in admin.aspx in E-Commerce Scripts Shopping Cart Script, Multi-Vendor E-Shop Script, and A...

CVE-2000-025310.0

The dansie shopping cart application cart.pl allows remote attackers to modify sensitive purchase information via hidden form fiel...

CVE-2007-536410.0

Directory traversal vulnerability in payments/ideal_process.php in the iDEAL transaction handler in ViArt Shopping Cart allows rem...