FreeWebshop Multiple SQL Injection And Cross Site Scripting Vulnerabilities Network Vulnerability

Summary

FreeWebshop is prone to multiple SQL-injection and cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input. Exploiting these vulnerabilities could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. FreeWebshop 2.2.9 is vulnerable other versions may also be affected.

References

http://www.freewebshop.org
http://www.securityfocus.com/bid/55567

Updated on 2015-03-25

Severity

Classification

CVSS	Base Score: 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

68designs 68kb Multiple Remote File Include Vulnerabilities
Apache Axis2 Document Type Declaration Processing Security Vulnerability
AdaptBB Multiple Input Validation Vulnerabilities
AIOCP 'cp_html2xhtmlbasic.php' Remote File Inclusion Vulnerability
Admbook PHP Code Injection Flaw

FreeWebshop Multiple SQL Injection and Cross Site Scripting Vulnerabilities

Take action and discover your vulnerabilities