CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 2CVE-2008-2872 – shibby shop 2.2 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2008-2872
26 Jun 2008 — SQL injection vulnerability in default.asp in sHibby sHop 2.2 and earlier allows remote attackers to execute arbitrary SQL commands via the sayfa parameter. Vulnerabilidad de inyección SQL en default.asp in sHibby sHop 2.2 y versiones anteriores, permite a atacantes remotos ejecutar comandos SQL arbitrariamente a través del parámetro sayfa. • https://www.exploit-db.com/exploits/5895 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 2%CPEs: 1EXPL: 1CVE-2008-2873 – shibby shop 2.2 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2008-2873
26 Jun 2008 — sHibby sHop 2.2 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request to Db/urun.mdb. sHibby sHop 2.2 y versiones anteriores, almacena información sensible bajo la raíz web con controles de acceso insuficientes, lo cual permite a atacantes remotos descargarse una base de datos a través de una petición directa a Db/urun.mdb. • https://www.exploit-db.com/exploits/5895 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 1CVE-2008-2882 – shibby shop 2.2 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2008-2882
26 Jun 2008 — upgrade.asp in sHibby sHop 2.2 and earlier does not require administrative authentication, which allows remote attackers to update a file or have unspecified other impact via a direct request. upgrade.asp de sHibby sHop 2.2 y anteriores, no requiere la autenticación del administrador; esto permite a atacantes remotos actualizar un fichero o tener otros impactos no especificados mediante una petición directa. • https://www.exploit-db.com/exploits/5895 • CWE-264: Permissions, Privileges, and Access Controls •