Aspindir Shibby Shop : Security vulnerabilities, CVEs published in 2008

Copy

CVE-2008-2882

upgrade.asp in sHibby sHop 2.2 and earlier does not require administrative authentication, which allows remote attackers to update a file or have unspecified other impact via a direct request.

Max CVSS

7.5

EPSS Score

0.52%

Published

2008-06-26

Updated

2017-10-19

CVE-2008-2873

sHibby sHop 2.2 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request to Db/urun.mdb.

Max CVSS

5.0

EPSS Score

0.28%

Published

2008-06-26

Updated

2017-10-19

CVE-2008-2872

SQL injection vulnerability in default.asp in sHibby sHop 2.2 and earlier allows remote attackers to execute arbitrary SQL commands via the sayfa parameter.

Max CVSS

7.5

EPSS Score

0.10%

Published

2008-06-26

Updated

2017-10-19

3 vulnerabilities found

This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!