CyberSec.Space Logo
CVEブラウザに戻る

CVE-2007-6466

HIGH
7.5
CVSS Severity Score
EPSS Score0.1120%
EPSS Percentile39.32th
Published2007年12月20日
Last Modified2026年4月23日

Vulnerability Description

Multiple SQL injection vulnerabilities in index.php in FreeWebshop 2.2.1 allow remote attackers to execute arbitrary SQL commands via (1) the prod parameter in a details action, (2) the cat parameter in a browse list action, or (3) the group parameter in a categories action. NOTE: it was later reported that MOG - Web Shop (MOG-WebShop), a product based on the same code, is also affected.

Affected Platforms (CPE)

📦
Freewebshop

Freewebshop

= 2.2.1

References & Advisories

🔗 http://newhack.org/advisories/FreeWebShop-2.2.1.txt
🔗 http://securityreason.com/securityalert/3468
🔗 http://www.securityfocus.com/bid/26886
🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/39143
🔗 https://www.exploit-db.com/exploits/4739
🔗 https://www.exploit-db.com/exploits/4740
🔗 http://newhack.org/advisories/FreeWebShop-2.2.1.txt
🔗 http://securityreason.com/securityalert/3468

関連する脆弱性情報

CVE-2006-57727.5

Multiple SQL injection vulnerabilities in index.php in FreeWebshop 2.2.1 and earlier allow remote attackers to execute arbitrary S...

CVE-2007-05317.5

PHP remote file inclusion vulnerability in includes/login.php in FreeWebShop 2.2.3 and 2.2.4 before 20070123 allows remote attacke...

CVE-2006-58466.4

Directory traversal vulnerability in index.php in FreeWebshop 2.2.2 and earlier allows remote attackers to read and include arbitr...

CVE-2006-58476.1

Cross-site scripting (XSS) vulnerability in index.php in FreeWebshop 2.2.2 and earlier allows remote attackers to inject arbitrary...