Search
Find a vulnerability
Search criteria
8 vulnerabilities found for ig_shop by igeneric
CVE-2007-2717 (GCVE-0-2007-2717)
Vulnerability from nvd – Published: 2007-05-16 19:00 – Updated: 2024-08-07 13:49
VLAI
EPSS
VEX
Summary
SQL injection vulnerability in shop/page.php in iGeneric (iG) Shop 1.4 allows remote attackers to execute arbitrary SQL commands via the type_id[] parameter, a different vector than CVE-2005-0537.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/3907 | exploitx_refsource_EXPLOIT-DB |
| http://osvdb.org/37910 | vdb-entryx_refsource_OSVDB |
| http://www.securityfocus.com/bid/23949 | vdb-entryx_refsource_BID |
Date Public
2007-05-12 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T13:49:57.276Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "3907",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/3907"
},
{
"name": "37910",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/37910"
},
{
"name": "23949",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/23949"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-05-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in shop/page.php in iGeneric (iG) Shop 1.4 allows remote attackers to execute arbitrary SQL commands via the type_id[] parameter, a different vector than CVE-2005-0537."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-10T00:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "3907",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/3907"
},
{
"name": "37910",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/37910"
},
{
"name": "23949",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/23949"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2717",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in shop/page.php in iGeneric (iG) Shop 1.4 allows remote attackers to execute arbitrary SQL commands via the type_id[] parameter, a different vector than CVE-2005-0537."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "3907",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/3907"
},
{
"name": "37910",
"refsource": "OSVDB",
"url": "http://osvdb.org/37910"
},
{
"name": "23949",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23949"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-2717",
"datePublished": "2007-05-16T19:00:00.000Z",
"dateReserved": "2007-05-16T00:00:00.000Z",
"dateUpdated": "2024-08-07T13:49:57.276Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-0134 (GCVE-0-2007-0134)
Vulnerability from nvd – Published: 2007-01-09 11:00 – Updated: 2024-08-07 12:03
VLAI
EPSS
VEX
Summary
Multiple eval injection vulnerabilities in iGeneric iG Shop 1.0 allow remote attackers to execute arbitrary code via the action parameter, which is supplied to an eval function call in (1) cart.php and (2) page.php. NOTE: a later report and CVE analysis indicate that the vulnerability is present in 1.4.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
11 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/21875 | vdb-entryx_refsource_BID |
| https://www.exploit-db.com/exploits/3083 | exploitx_refsource_EXPLOIT-DB |
| http://osvdb.org/33388 | vdb-entryx_refsource_OSVDB |
| http://osvdb.org/33387 | vdb-entryx_refsource_OSVDB |
| http://www.securityfocus.com/archive/1/471722/100… | mailing-listx_refsource_BUGTRAQ |
| http://secunia.com/advisories/23604 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securityfocus.com/archive/1/456043/100… | mailing-listx_refsource_BUGTRAQ |
| http://www.vupen.com/english/advisories/2007/0056 | vdb-entryx_refsource_VUPEN |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.attrition.org/pipermail/vim/2007-June/… | mailing-listx_refsource_VIM |
| http://packetstormsecurity.nl/0701-exploits/igsho… | x_refsource_MISC |
Date Public
2007-01-05 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:03:37.182Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "21875",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/21875"
},
{
"name": "3083",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/3083"
},
{
"name": "33388",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/33388"
},
{
"name": "33387",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/33387"
},
{
"name": "20070619 iG Shop 1.4 eval Inclusion Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/471722/100/0/threaded"
},
{
"name": "23604",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23604"
},
{
"name": "20070105 IG Shop remote code execution",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/456043/100/0/threaded"
},
{
"name": "ADV-2007-0056",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/0056"
},
{
"name": "igshop-cartpage-code-execution(31301)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31301"
},
{
"name": "20070618 Dup: iG Shop 1.4 (page.php) Remote Code Execution Exploit",
"tags": [
"mailing-list",
"x_refsource_VIM",
"x_transferred"
],
"url": "http://www.attrition.org/pipermail/vim/2007-June/001664.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.nl/0701-exploits/igshop10-multiple.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-01-05T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple eval injection vulnerabilities in iGeneric iG Shop 1.0 allow remote attackers to execute arbitrary code via the action parameter, which is supplied to an eval function call in (1) cart.php and (2) page.php. NOTE: a later report and CVE analysis indicate that the vulnerability is present in 1.4."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-16T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "21875",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/21875"
},
{
"name": "3083",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/3083"
},
{
"name": "33388",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/33388"
},
{
"name": "33387",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/33387"
},
{
"name": "20070619 iG Shop 1.4 eval Inclusion Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/471722/100/0/threaded"
},
{
"name": "23604",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23604"
},
{
"name": "20070105 IG Shop remote code execution",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/456043/100/0/threaded"
},
{
"name": "ADV-2007-0056",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/0056"
},
{
"name": "igshop-cartpage-code-execution(31301)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31301"
},
{
"name": "20070618 Dup: iG Shop 1.4 (page.php) Remote Code Execution Exploit",
"tags": [
"mailing-list",
"x_refsource_VIM"
],
"url": "http://www.attrition.org/pipermail/vim/2007-June/001664.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.nl/0701-exploits/igshop10-multiple.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-0134",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple eval injection vulnerabilities in iGeneric iG Shop 1.0 allow remote attackers to execute arbitrary code via the action parameter, which is supplied to an eval function call in (1) cart.php and (2) page.php. NOTE: a later report and CVE analysis indicate that the vulnerability is present in 1.4."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "21875",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21875"
},
{
"name": "3083",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/3083"
},
{
"name": "33388",
"refsource": "OSVDB",
"url": "http://osvdb.org/33388"
},
{
"name": "33387",
"refsource": "OSVDB",
"url": "http://osvdb.org/33387"
},
{
"name": "20070619 iG Shop 1.4 eval Inclusion Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/471722/100/0/threaded"
},
{
"name": "23604",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23604"
},
{
"name": "20070105 IG Shop remote code execution",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/456043/100/0/threaded"
},
{
"name": "ADV-2007-0056",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/0056"
},
{
"name": "igshop-cartpage-code-execution(31301)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31301"
},
{
"name": "20070618 Dup: iG Shop 1.4 (page.php) Remote Code Execution Exploit",
"refsource": "VIM",
"url": "http://www.attrition.org/pipermail/vim/2007-June/001664.html"
},
{
"name": "http://packetstormsecurity.nl/0701-exploits/igshop10-multiple.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.nl/0701-exploits/igshop10-multiple.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-0134",
"datePublished": "2007-01-09T11:00:00.000Z",
"dateReserved": "2007-01-08T00:00:00.000Z",
"dateUpdated": "2024-08-07T12:03:37.182Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-0132 (GCVE-0-2007-0132)
Vulnerability from nvd – Published: 2007-01-09 11:00 – Updated: 2024-08-07 12:03
VLAI
EPSS
VEX
Summary
SQL injection vulnerability in compare_product.php in iGeneric iG Shop 1.4 allows remote attackers to execute arbitrary SQL commands via the id parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
8 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/3083 | exploitx_refsource_EXPLOIT-DB |
| http://osvdb.org/33385 | vdb-entryx_refsource_OSVDB |
| http://secunia.com/advisories/23604 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securityfocus.com/archive/1/456043/100… | mailing-listx_refsource_BUGTRAQ |
| http://www.vupen.com/english/advisories/2007/0056 | vdb-entryx_refsource_VUPEN |
| http://packetstormsecurity.nl/0701-exploits/igsho… | x_refsource_MISC |
| http://www.securityfocus.com/bid/21874 | vdb-entryx_refsource_BID |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Date Public
2007-01-05 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:03:37.145Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "3083",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/3083"
},
{
"name": "33385",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/33385"
},
{
"name": "23604",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23604"
},
{
"name": "20070105 IG Shop remote code execution",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/456043/100/0/threaded"
},
{
"name": "ADV-2007-0056",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/0056"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.nl/0701-exploits/igshop10-multiple.txt"
},
{
"name": "21874",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/21874"
},
{
"name": "igshop-compareproduct-sql-injection(31299)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31299"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-01-05T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in compare_product.php in iGeneric iG Shop 1.4 allows remote attackers to execute arbitrary SQL commands via the id parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-16T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "3083",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/3083"
},
{
"name": "33385",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/33385"
},
{
"name": "23604",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23604"
},
{
"name": "20070105 IG Shop remote code execution",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/456043/100/0/threaded"
},
{
"name": "ADV-2007-0056",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/0056"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.nl/0701-exploits/igshop10-multiple.txt"
},
{
"name": "21874",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/21874"
},
{
"name": "igshop-compareproduct-sql-injection(31299)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31299"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-0132",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in compare_product.php in iGeneric iG Shop 1.4 allows remote attackers to execute arbitrary SQL commands via the id parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "3083",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/3083"
},
{
"name": "33385",
"refsource": "OSVDB",
"url": "http://osvdb.org/33385"
},
{
"name": "23604",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23604"
},
{
"name": "20070105 IG Shop remote code execution",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/456043/100/0/threaded"
},
{
"name": "ADV-2007-0056",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/0056"
},
{
"name": "http://packetstormsecurity.nl/0701-exploits/igshop10-multiple.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.nl/0701-exploits/igshop10-multiple.txt"
},
{
"name": "21874",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21874"
},
{
"name": "igshop-compareproduct-sql-injection(31299)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31299"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-0132",
"datePublished": "2007-01-09T11:00:00.000Z",
"dateReserved": "2007-01-08T00:00:00.000Z",
"dateUpdated": "2024-08-07T12:03:37.145Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-0133 (GCVE-0-2007-0133)
Vulnerability from nvd – Published: 2007-01-09 11:00 – Updated: 2024-08-07 12:03
VLAI
EPSS
VEX
Summary
Multiple SQL injection vulnerabilities in display_review.php in iGeneric iG Shop 1.4 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id or (2) user_login_cookie parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://osvdb.org/33386 | vdb-entryx_refsource_OSVDB |
| http://www.vupen.com/english/advisories/2007/0056 | vdb-entryx_refsource_VUPEN |
Date Public
2007-01-05 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:03:37.277Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "33386",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/33386"
},
{
"name": "ADV-2007-0056",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/0056"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-01-05T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple SQL injection vulnerabilities in display_review.php in iGeneric iG Shop 1.4 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id or (2) user_login_cookie parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2008-11-15T10:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "33386",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/33386"
},
{
"name": "ADV-2007-0056",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/0056"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-0133",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in display_review.php in iGeneric iG Shop 1.4 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id or (2) user_login_cookie parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "33386",
"refsource": "OSVDB",
"url": "http://osvdb.org/33386"
},
{
"name": "ADV-2007-0056",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/0056"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-0133",
"datePublished": "2007-01-09T11:00:00.000Z",
"dateReserved": "2007-01-08T00:00:00.000Z",
"dateUpdated": "2024-08-07T12:03:37.277Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-2717 (GCVE-0-2007-2717)
Vulnerability from cvelistv5 – Published: 2007-05-16 19:00 – Updated: 2024-08-07 13:49
VLAI
EPSS
VEX
Summary
SQL injection vulnerability in shop/page.php in iGeneric (iG) Shop 1.4 allows remote attackers to execute arbitrary SQL commands via the type_id[] parameter, a different vector than CVE-2005-0537.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/3907 | exploitx_refsource_EXPLOIT-DB |
| http://osvdb.org/37910 | vdb-entryx_refsource_OSVDB |
| http://www.securityfocus.com/bid/23949 | vdb-entryx_refsource_BID |
Date Public
2007-05-12 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T13:49:57.276Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "3907",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/3907"
},
{
"name": "37910",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/37910"
},
{
"name": "23949",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/23949"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-05-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in shop/page.php in iGeneric (iG) Shop 1.4 allows remote attackers to execute arbitrary SQL commands via the type_id[] parameter, a different vector than CVE-2005-0537."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-10T00:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "3907",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/3907"
},
{
"name": "37910",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/37910"
},
{
"name": "23949",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/23949"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2717",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in shop/page.php in iGeneric (iG) Shop 1.4 allows remote attackers to execute arbitrary SQL commands via the type_id[] parameter, a different vector than CVE-2005-0537."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "3907",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/3907"
},
{
"name": "37910",
"refsource": "OSVDB",
"url": "http://osvdb.org/37910"
},
{
"name": "23949",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23949"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-2717",
"datePublished": "2007-05-16T19:00:00.000Z",
"dateReserved": "2007-05-16T00:00:00.000Z",
"dateUpdated": "2024-08-07T13:49:57.276Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-0134 (GCVE-0-2007-0134)
Vulnerability from cvelistv5 – Published: 2007-01-09 11:00 – Updated: 2024-08-07 12:03
VLAI
EPSS
VEX
Summary
Multiple eval injection vulnerabilities in iGeneric iG Shop 1.0 allow remote attackers to execute arbitrary code via the action parameter, which is supplied to an eval function call in (1) cart.php and (2) page.php. NOTE: a later report and CVE analysis indicate that the vulnerability is present in 1.4.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
11 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/21875 | vdb-entryx_refsource_BID |
| https://www.exploit-db.com/exploits/3083 | exploitx_refsource_EXPLOIT-DB |
| http://osvdb.org/33388 | vdb-entryx_refsource_OSVDB |
| http://osvdb.org/33387 | vdb-entryx_refsource_OSVDB |
| http://www.securityfocus.com/archive/1/471722/100… | mailing-listx_refsource_BUGTRAQ |
| http://secunia.com/advisories/23604 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securityfocus.com/archive/1/456043/100… | mailing-listx_refsource_BUGTRAQ |
| http://www.vupen.com/english/advisories/2007/0056 | vdb-entryx_refsource_VUPEN |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.attrition.org/pipermail/vim/2007-June/… | mailing-listx_refsource_VIM |
| http://packetstormsecurity.nl/0701-exploits/igsho… | x_refsource_MISC |
Date Public
2007-01-05 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:03:37.182Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "21875",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/21875"
},
{
"name": "3083",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/3083"
},
{
"name": "33388",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/33388"
},
{
"name": "33387",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/33387"
},
{
"name": "20070619 iG Shop 1.4 eval Inclusion Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/471722/100/0/threaded"
},
{
"name": "23604",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23604"
},
{
"name": "20070105 IG Shop remote code execution",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/456043/100/0/threaded"
},
{
"name": "ADV-2007-0056",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/0056"
},
{
"name": "igshop-cartpage-code-execution(31301)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31301"
},
{
"name": "20070618 Dup: iG Shop 1.4 (page.php) Remote Code Execution Exploit",
"tags": [
"mailing-list",
"x_refsource_VIM",
"x_transferred"
],
"url": "http://www.attrition.org/pipermail/vim/2007-June/001664.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.nl/0701-exploits/igshop10-multiple.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-01-05T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple eval injection vulnerabilities in iGeneric iG Shop 1.0 allow remote attackers to execute arbitrary code via the action parameter, which is supplied to an eval function call in (1) cart.php and (2) page.php. NOTE: a later report and CVE analysis indicate that the vulnerability is present in 1.4."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-16T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "21875",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/21875"
},
{
"name": "3083",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/3083"
},
{
"name": "33388",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/33388"
},
{
"name": "33387",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/33387"
},
{
"name": "20070619 iG Shop 1.4 eval Inclusion Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/471722/100/0/threaded"
},
{
"name": "23604",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23604"
},
{
"name": "20070105 IG Shop remote code execution",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/456043/100/0/threaded"
},
{
"name": "ADV-2007-0056",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/0056"
},
{
"name": "igshop-cartpage-code-execution(31301)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31301"
},
{
"name": "20070618 Dup: iG Shop 1.4 (page.php) Remote Code Execution Exploit",
"tags": [
"mailing-list",
"x_refsource_VIM"
],
"url": "http://www.attrition.org/pipermail/vim/2007-June/001664.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.nl/0701-exploits/igshop10-multiple.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-0134",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple eval injection vulnerabilities in iGeneric iG Shop 1.0 allow remote attackers to execute arbitrary code via the action parameter, which is supplied to an eval function call in (1) cart.php and (2) page.php. NOTE: a later report and CVE analysis indicate that the vulnerability is present in 1.4."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "21875",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21875"
},
{
"name": "3083",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/3083"
},
{
"name": "33388",
"refsource": "OSVDB",
"url": "http://osvdb.org/33388"
},
{
"name": "33387",
"refsource": "OSVDB",
"url": "http://osvdb.org/33387"
},
{
"name": "20070619 iG Shop 1.4 eval Inclusion Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/471722/100/0/threaded"
},
{
"name": "23604",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23604"
},
{
"name": "20070105 IG Shop remote code execution",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/456043/100/0/threaded"
},
{
"name": "ADV-2007-0056",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/0056"
},
{
"name": "igshop-cartpage-code-execution(31301)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31301"
},
{
"name": "20070618 Dup: iG Shop 1.4 (page.php) Remote Code Execution Exploit",
"refsource": "VIM",
"url": "http://www.attrition.org/pipermail/vim/2007-June/001664.html"
},
{
"name": "http://packetstormsecurity.nl/0701-exploits/igshop10-multiple.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.nl/0701-exploits/igshop10-multiple.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-0134",
"datePublished": "2007-01-09T11:00:00.000Z",
"dateReserved": "2007-01-08T00:00:00.000Z",
"dateUpdated": "2024-08-07T12:03:37.182Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-0132 (GCVE-0-2007-0132)
Vulnerability from cvelistv5 – Published: 2007-01-09 11:00 – Updated: 2024-08-07 12:03
VLAI
EPSS
VEX
Summary
SQL injection vulnerability in compare_product.php in iGeneric iG Shop 1.4 allows remote attackers to execute arbitrary SQL commands via the id parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
8 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/3083 | exploitx_refsource_EXPLOIT-DB |
| http://osvdb.org/33385 | vdb-entryx_refsource_OSVDB |
| http://secunia.com/advisories/23604 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securityfocus.com/archive/1/456043/100… | mailing-listx_refsource_BUGTRAQ |
| http://www.vupen.com/english/advisories/2007/0056 | vdb-entryx_refsource_VUPEN |
| http://packetstormsecurity.nl/0701-exploits/igsho… | x_refsource_MISC |
| http://www.securityfocus.com/bid/21874 | vdb-entryx_refsource_BID |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Date Public
2007-01-05 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:03:37.145Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "3083",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/3083"
},
{
"name": "33385",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/33385"
},
{
"name": "23604",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23604"
},
{
"name": "20070105 IG Shop remote code execution",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/456043/100/0/threaded"
},
{
"name": "ADV-2007-0056",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/0056"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.nl/0701-exploits/igshop10-multiple.txt"
},
{
"name": "21874",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/21874"
},
{
"name": "igshop-compareproduct-sql-injection(31299)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31299"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-01-05T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in compare_product.php in iGeneric iG Shop 1.4 allows remote attackers to execute arbitrary SQL commands via the id parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-16T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "3083",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/3083"
},
{
"name": "33385",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/33385"
},
{
"name": "23604",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23604"
},
{
"name": "20070105 IG Shop remote code execution",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/456043/100/0/threaded"
},
{
"name": "ADV-2007-0056",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/0056"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.nl/0701-exploits/igshop10-multiple.txt"
},
{
"name": "21874",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/21874"
},
{
"name": "igshop-compareproduct-sql-injection(31299)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31299"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-0132",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in compare_product.php in iGeneric iG Shop 1.4 allows remote attackers to execute arbitrary SQL commands via the id parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "3083",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/3083"
},
{
"name": "33385",
"refsource": "OSVDB",
"url": "http://osvdb.org/33385"
},
{
"name": "23604",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23604"
},
{
"name": "20070105 IG Shop remote code execution",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/456043/100/0/threaded"
},
{
"name": "ADV-2007-0056",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/0056"
},
{
"name": "http://packetstormsecurity.nl/0701-exploits/igshop10-multiple.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.nl/0701-exploits/igshop10-multiple.txt"
},
{
"name": "21874",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21874"
},
{
"name": "igshop-compareproduct-sql-injection(31299)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31299"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-0132",
"datePublished": "2007-01-09T11:00:00.000Z",
"dateReserved": "2007-01-08T00:00:00.000Z",
"dateUpdated": "2024-08-07T12:03:37.145Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-0133 (GCVE-0-2007-0133)
Vulnerability from cvelistv5 – Published: 2007-01-09 11:00 – Updated: 2024-08-07 12:03
VLAI
EPSS
VEX
Summary
Multiple SQL injection vulnerabilities in display_review.php in iGeneric iG Shop 1.4 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id or (2) user_login_cookie parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://osvdb.org/33386 | vdb-entryx_refsource_OSVDB |
| http://www.vupen.com/english/advisories/2007/0056 | vdb-entryx_refsource_VUPEN |
Date Public
2007-01-05 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:03:37.277Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "33386",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/33386"
},
{
"name": "ADV-2007-0056",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/0056"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-01-05T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple SQL injection vulnerabilities in display_review.php in iGeneric iG Shop 1.4 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id or (2) user_login_cookie parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2008-11-15T10:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "33386",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/33386"
},
{
"name": "ADV-2007-0056",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/0056"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-0133",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in display_review.php in iGeneric iG Shop 1.4 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id or (2) user_login_cookie parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "33386",
"refsource": "OSVDB",
"url": "http://osvdb.org/33386"
},
{
"name": "ADV-2007-0056",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/0056"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-0133",
"datePublished": "2007-01-09T11:00:00.000Z",
"dateReserved": "2007-01-08T00:00:00.000Z",
"dateUpdated": "2024-08-07T12:03:37.277Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}