CVE-2008-3412

Published Jul 31, 2008

Last updated 7 years ago

Overview

Description: SQL injection vulnerability in Comsenz EPShop (aka ECShop) before 3.0 allows remote attackers to execute arbitrary SQL commands via the pid parameter in a (1) pro_show or (2) disppro action to the default URI.
Source: cve@mitre.org
NVD status: Modified

Hype score: Not currently trending

Risk scores

CVSS 2.0

Type: Primary
Base score: 7.5
Impact score: 6.4
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-89

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:ecshop:epshop:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B418B22F-94B3-4136-9153-4CCD11818719",
            "versionEndIncluding": "2.1.5"
          },
          {
            "criteria": "cpe:2.3:a:ecshop:epshop:2.0.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2F599A10-59D2-42DD-B802-8CF762FE4058"
          },
          {
            "criteria": "cpe:2.3:a:ecshop:epshop:2.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "163FD650-44D0-4279-9965-63560290A62B"
          },
          {
            "criteria": "cpe:2.3:a:ecshop:epshop:2.0.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DD0F5987-618D-4AC7-AB68-77D7EC086092"
          },
          {
            "criteria": "cpe:2.3:a:ecshop:epshop:2.0.2:a:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "72B0447A-5245-4058-AFFA-AE77B54AFF1F"
          },
          {
            "criteria": "cpe:2.3:a:ecshop:epshop:2.0.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CA2C9029-29F5-460B-839D-914154F1253E"
          },
          {
            "criteria": "cpe:2.3:a:ecshop:epshop:2.0.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "19307B71-B617-4D1A-AE63-E3ADDB4CC946"
          },
          {
            "criteria": "cpe:2.3:a:ecshop:epshop:2.1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6B88A332-9138-4AFF-98CE-F0490249D649"
          },
          {
            "criteria": "cpe:2.3:a:ecshop:epshop:2.1.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E76F06E3-7AD7-4C0C-B9EF-133241B4E81B"
          },
          {
            "criteria": "cpe:2.3:a:ecshop:epshop:2.1.1:a:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B5E8BB11-ABD6-44EC-BC11-D04E498A8C44"
          },
          {
            "criteria": "cpe:2.3:a:ecshop:epshop:2.1.1:b:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "325C11B1-3ADD-4AE6-9D36-6BF503EADBFB"
          },
          {
            "criteria": "cpe:2.3:a:ecshop:epshop:2.1.1:c:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B51A2BE2-70B0-4D25-8C1A-AA0C7E4C3D55"
          },
          {
            "criteria": "cpe:2.3:a:ecshop:epshop:2.1.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F94A3FD5-E50C-4573-9F45-C567020BA790"
          },
          {
            "criteria": "cpe:2.3:a:ecshop:epshop:2.1.2:a:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "ADE42D81-5D62-4E88-B11C-FC84CCF52466"
          },
          {
            "criteria": "cpe:2.3:a:ecshop:epshop:2.1.2:b:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7FA9315F-542B-421E-B8A2-5BCFA1BD7472"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Social media

Risk scores

CVSS 2.0

Weaknesses

Configurations

References