CyberSec.Space Logo
返回 CVE 浏览器

CVE-2007-3447

MEDIUM
6.8
CVSS Severity Score
EPSS Score0.0100%
EPSS Percentile25.47th
Published2007年6月27日
Last Modified2026年4月23日

Vulnerability Description

SQL injection vulnerability in BugMall Shopping Cart 2.5 and earlier allows remote attackers to execute arbitrary SQL commands via the "basic search box." NOTE: 4.0.2 and other versions might also be affected.

Affected Platforms (CPE)

📦
Bugmall

Shopping Cart

All versions
📦
Bugmall

Shopping Cart

= 2.5

References & Advisories

🔗 http://osvdb.org/38223
🔗 http://secunia.com/advisories/25836
🔗 http://www.h4cky0u.org/viewtopic.php?t=26834
🔗 http://www.securityfocus.com/bid/24629
🔗 http://www.vupen.com/english/advisories/2007/2322
🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/35039
🔗 https://www.exploit-db.com/exploits/4103
🔗 http://osvdb.org/38223

相关漏洞威胁

CVE-2004-034810.0

SQL injection vulnerability in viewCart.asp in SpiderSales shopping cart software allows remote attackers to execute arbitrary SQL...

CVE-2007-412110.0

Multiple SQL injection vulnerabilities in admin.aspx in E-Commerce Scripts Shopping Cart Script, Multi-Vendor E-Shop Script, and A...

CVE-2000-025310.0

The dansie shopping cart application cart.pl allows remote attackers to modify sensitive purchase information via hidden form fiel...

CVE-2007-536410.0

Directory traversal vulnerability in payments/ideal_process.php in the iDEAL transaction handler in ViArt Shopping Cart allows rem...