SQL Injection in Shopex Ecshop
CVE-2010-2042
SQL injection vulnerability in search.php in ECShop 2.7.2 allows remote attackers to execute arbitrary SQL commands via the encode parameter. NOTE: some of these details are obtained from third party information.
Vulnerability class: SQL Injection
EPSS: 0.010 (57.6th percentile) — read the EPSS interpretation.
Affected products
- Shopex Ecshop — versions 2.7.2
- N/a — versions n/a
Weakness classification (CWE)
References
- cve@mitre.org (Exploit, x_refsource_MISC)
- cve@mitre.org (x_refsource_SECUNIA, third-party-advisory, Vendor Advisory)
- cve@mitre.org (Exploit, vdb-entry, x_refsource_BID)
- cve@mitre.org (Exploit, exploit, x_refsource_EXPLOIT-DB)