SQL Injection in My123tkshop E-commerce-suite
CVE-2007-6458
SQL injection vulnerability in shop/mainfile.php in 123tkShop 0.9.1 allows remote attackers to execute arbitrary SQL commands via a base64-encoded value of the admin parameter to shop/admin.php.
Vulnerability class: SQL Injection
EPSS: 0.020 (78.6th percentile) — read the EPSS interpretation.
Affected products
- My123tkshop E-commerce-suite — versions 0.9.1
- N/a — versions n/a
Weakness classification (CWE)
References
- cve@mitre.org (exploit, x_refsource_EXPLOIT-DB)
- cve@mitre.org (Exploit, vdb-entry, x_refsource_BID)
- cve@mitre.org (x_refsource_OSVDB, vdb-entry)