CyberSec.Space Logo
返回 CVE 浏览器

CVE-2016-3694

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1180%
EPSS Percentile21.10th
Published2017年2月15日
Last Modified2026年5月13日

Vulnerability Description

Multiple SQL injection vulnerabilities in modified eCommerce Shopsoftware 2.0.0.0 revision 9678, when the easybill-module is not installed, allow remote attackers to execute arbitrary SQL commands via the (1) orders_status or (2) customers_status parameter to api/easybill/easybillcsv.php.

Affected Platforms (CPE)

📦
Modified

Ecommerce Shopsoftware

= 2.0.0.0

References & Advisories

🔗 http://packetstormsecurity.com/files/136734/modified-eCommerce-2.0.0.0-Rev-9678-SQL-Injection.html
🔗 https://www.exploit-db.com/exploits/39710/
🔗 http://packetstormsecurity.com/files/136734/modified-eCommerce-2.0.0.0-Rev-9678-SQL-Injection.html
🔗 https://www.exploit-db.com/exploits/39710/

相关漏洞威胁

CVE-2017-811010.0

www.modified-shop.org modified eCommerce Shopsoftware 2.0.2.2 rev 10690 has XXE in api/it-recht-kanzlei/api-it-recht-kanzlei.php.

CVE-2026-53430

Improper Handling of Highly Compressed Data (Data Amplification) vulnerability in elixir-grpc grpc (GRPC.Compressor.Gzip, GRPC.Mes...

CVE-2026-48854

Allocation of Resources Without Limits or Throttling vulnerability in elixir-grpc grpc allows unauthenticated attackers to exhaust...

CVE-2026-48853

Deserialization of Untrusted Data and Allocation of Resources Without Limits or Throttling vulnerabilities in elixir-grpc grpc all...