1 results (0.004 seconds)

CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 2

SQL injection vulnerability in products.php in the Mytipper ZoGo-shop plugin 1.15.5 and 1.16 Beta 13 for e107 allows remote attackers to execute arbitrary SQL commands via the cat parameter. Vulnerabilidad de inyección SQL en products.php de la extensión (plugin) Mytipper ZoGo-shop 1.15.5 y 1.16 Beta 13 para e107 permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro cat. • https://www.exploit-db.com/exploits/5605 http://secunia.com/advisories/30232 http://www.securityfocus.com/bid/29185 https://exchange.xforce.ibmcloud.com/vulnerabilities/42384 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •