Shop-Script FREE Multiple Remote Vulnerabilities
BID:25695
Info
Shop-Script FREE Multiple Remote Vulnerabilities
| Bugtraq ID: | 25695 |
| Class: | Unknown |
| CVE: |
CVE-2007-4933 CVE-2007-4932 |
| Remote: | Yes |
| Local: | No |
| Published: | Sep 17 2007 12:00AM |
| Updated: | Jul 05 2016 10:00PM |
| Credit: | Raz0r is credited with the discovery of this vulnerability. |
| Vulnerable: |
Shop-Script Shop-Script Free 2.0 |
| Not Vulnerable: | |
Discussion
Shop-Script FREE Multiple Remote Vulnerabilities
Shop-Script FREE is prone to multiple remote vulnerabilities, including an authentication-bypass issue and multiple arbitrary-code-execution vulnerability.
An attacker can exploit these issues to gain administrative access to the application and execute arbitrary PHP code within the context of the webserver process.
This issue affects Shop-Script FREE 2.0; other versions may also be affected.
Shop-Script FREE is prone to multiple remote vulnerabilities, including an authentication-bypass issue and multiple arbitrary-code-execution vulnerability.
An attacker can exploit these issues to gain administrative access to the application and execute arbitrary PHP code within the context of the webserver process.
This issue affects Shop-Script FREE 2.0; other versions may also be affected.
Exploit / POC
Shop-Script FREE Multiple Remote Vulnerabilities
An attacker can exploit this issue through a browser.
The following exploit code is available:
An attacker can exploit this issue through a browser.
The following exploit code is available:
Solution / Fix
Shop-Script FREE Multiple Remote Vulnerabilities
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].