CyberSec.Space Logo
Back to CVE Browser

CVE-2007-6466

HIGH
7.5
CVSS Severity Score
EPSS Score0.1120%
EPSS Percentile39.32th
PublishedDec 20, 2007
Last ModifiedApr 23, 2026

Vulnerability Description

Multiple SQL injection vulnerabilities in index.php in FreeWebshop 2.2.1 allow remote attackers to execute arbitrary SQL commands via (1) the prod parameter in a details action, (2) the cat parameter in a browse list action, or (3) the group parameter in a categories action. NOTE: it was later reported that MOG - Web Shop (MOG-WebShop), a product based on the same code, is also affected.

Affected Platforms (CPE)

πŸ“¦
Freewebshop

Freewebshop

= 2.2.1

References & Advisories

πŸ”— http://newhack.org/advisories/FreeWebShop-2.2.1.txt
πŸ”— http://securityreason.com/securityalert/3468
πŸ”— http://www.securityfocus.com/bid/26886
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/39143
πŸ”— https://www.exploit-db.com/exploits/4739
πŸ”— https://www.exploit-db.com/exploits/4740
πŸ”— http://newhack.org/advisories/FreeWebShop-2.2.1.txt
πŸ”— http://securityreason.com/securityalert/3468

Related Vulnerabilities

CVE-2006-57727.5

Multiple SQL injection vulnerabilities in index.php in FreeWebshop 2.2.1 and earlier allow remote attackers to execute arbitrary S...

CVE-2007-05317.5

PHP remote file inclusion vulnerability in includes/login.php in FreeWebShop 2.2.3 and 2.2.4 before 20070123 allows remote attacke...

CVE-2006-58466.4

Directory traversal vulnerability in index.php in FreeWebshop 2.2.2 and earlier allows remote attackers to read and include arbitr...

CVE-2006-58476.1

Cross-site scripting (XSS) vulnerability in index.php in FreeWebshop 2.2.2 and earlier allows remote attackers to inject arbitrary...