Back to search
CVE-2008-3768
Published: Aug 22, 2008
Modified: Aug 7, 2024
PUBLISHED
Description
Multiple SQL injection vulnerabilities in class.ajax.php in Turnkey Web Tools SunShop Shopping Cart before 4.1.5 allow remote attackers to execute arbitrary SQL commands via (1) the id parameter in an edit_registry action to index.php, (2) a vector involving the check_email function, and other vectors.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
4180
third-party-advisory
x_refsource_SREASON
20080818 SunShop <= 4.1.4 SQL Injection
mailing-list
x_refsource_BUGTRAQ
31539
third-party-advisory
x_refsource_SECUNIA
6273
exploit
x_refsource_EXPLOIT-DB
http://www.gulftech.org/?node=research&article_id=00125-08182008
x_refsource_MISC
sunshopshoppingcart-classajax-sql-injection(44553)
vdb-entry
x_refsource_XF
http://demos.turnkeywebtools.com/ss4/docs/change_log.txt
x_refsource_CONFIRM
30751
vdb-entry
x_refsource_BID
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now