Summary
Amazon Shop is prone to multiple vulnerabilities, including a cross-site scripting issue, a directory-traversal issue, and multiple remote file-include issues, because it fails to sufficiently sanitize user-supplied data.
An attacker can exploit these issues to run malicious PHP code in the context of the webserver process, run script code in an unsuspecting user's browser, steal cookie-based authentication credentials, or obtain sensitive information
other attacks are also
possible.
Severity
Classification
-
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- ASUS RT56U Router Multiple Vulnerabilities
- AIOCP 'cp_html2xhtmlbasic.php' Remote File Inclusion Vulnerability
- Atutor AChecker Multiple SQL Injection and XSS Vulnerabilities
- Apache Struts2 'URL' & 'Anchor' tags Arbitrary Java Method Execution Vulnerabilities
- Artifectx xClassified 'catid' SQL Injection Vulnerability