CyberSec.Space Logo
Back to CVE Browser

CVE-2016-3694

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1180%
EPSS Percentile21.10th
PublishedFeb 15, 2017
Last ModifiedMay 13, 2026

Vulnerability Description

Multiple SQL injection vulnerabilities in modified eCommerce Shopsoftware 2.0.0.0 revision 9678, when the easybill-module is not installed, allow remote attackers to execute arbitrary SQL commands via the (1) orders_status or (2) customers_status parameter to api/easybill/easybillcsv.php.

Affected Platforms (CPE)

πŸ“¦
Modified

Ecommerce Shopsoftware

= 2.0.0.0

References & Advisories

πŸ”— http://packetstormsecurity.com/files/136734/modified-eCommerce-2.0.0.0-Rev-9678-SQL-Injection.html
πŸ”— https://www.exploit-db.com/exploits/39710/
πŸ”— http://packetstormsecurity.com/files/136734/modified-eCommerce-2.0.0.0-Rev-9678-SQL-Injection.html
πŸ”— https://www.exploit-db.com/exploits/39710/

Related Vulnerabilities

CVE-2017-811010.0

www.modified-shop.org modified eCommerce Shopsoftware 2.0.2.2 rev 10690 has XXE in api/it-recht-kanzlei/api-it-recht-kanzlei.php.

CVE-2026-53430

Improper Handling of Highly Compressed Data (Data Amplification) vulnerability in elixir-grpc grpc (GRPC.Compressor.Gzip, GRPC.Mes...

CVE-2026-48854

Allocation of Resources Without Limits or Throttling vulnerability in elixir-grpc grpc allows unauthenticated attackers to exhaust...

CVE-2026-48853

Deserialization of Untrusted Data and Allocation of Resources Without Limits or Throttling vulnerabilities in elixir-grpc grpc all...