CVE-2008-6114 – e107 Plugin ZoGo-Shop 1.15.4 - 'product' SQL Injection
https://notcve.org/view.php?id=CVE-2008-6114
SQL injection vulnerability in product_details.php in the Mytipper Zogo-shop 1.15.4 plugin for e107 allows remote attackers to execute arbitrary SQL commands via the product parameter. Vulnerabilidad de inyección SQL en product_details.php en el complemento Mytipper Zogo-shop para e107, permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro "product". • https://www.exploit-db.com/exploits/7184 http://secunia.com/advisories/32795 http://www.securityfocus.com/bid/32423 https://exchange.xforce.ibmcloud.com/vulnerabilities/46784 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2008-2447 – e-107 Plugin ZoGo-Shop 1.16 Beta 13 - SQL Injection
https://notcve.org/view.php?id=CVE-2008-2447
SQL injection vulnerability in products.php in the Mytipper ZoGo-shop plugin 1.15.5 and 1.16 Beta 13 for e107 allows remote attackers to execute arbitrary SQL commands via the cat parameter. Vulnerabilidad de inyección SQL en products.php de la extensión (plugin) Mytipper ZoGo-shop 1.15.5 y 1.16 Beta 13 para e107 permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro cat. • https://www.exploit-db.com/exploits/5605 http://secunia.com/advisories/30232 http://www.securityfocus.com/bid/29185 https://exchange.xforce.ibmcloud.com/vulnerabilities/42384 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •