CVE-2012-5227 – Peel Shopping 2.8/ 2.9 - Cross-Site Scripting / SQL Injections
https://notcve.org/view.php?id=CVE-2012-5227
SQL injection vulnerability in administrer/tva.php in Peel SHOPPING 2.8 and 2.9 allows remote attackers to execute arbitrary SQL commands via the id parameter.
• https://www.exploit-db.com/exploits/18422
• http://www.securityfocus.com/bid/51700
• https://exchange.xforce.ibmcloud.com/vulnerabilities/72764
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2012-5226 – Peel Shopping 2.8/ 2.9 - Cross-Site Scripting / SQL Injections
https://notcve.org/view.php?id=CVE-2012-5226
Multiple cross-site scripting (XSS) vulnerabilities in Peel SHOPPING 2.8 and 2.9 allow remote attackers to inject arbitrary web script or HTML via the (1) motclef parameter to achat/recherche.php or (2) PATH_INFO to index.php.
• https://www.exploit-db.com/exploits/18422
• http://www.securityfocus.com/bid/51700
• https://exchange.xforce.ibmcloud.com/vulnerabilities/72765
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')