PhpShop Cross-Site Scripting And SQL Injection Vulnerabilities Network Vulnerability

Summary

PhpShop is prone to a cross-site scripting vulnerability and multiple SQL-injection vulnerabilities because it fails to adequately sanitize user-supplied input. Exploiting these issues could allow an attacker to steal cookie- based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. PhpShop 0.8.1 is vulnerable other versions may also be affected.

References

http://www.phpshop.org/
http://www.securityfocus.com/archive/1/508243
http://www.securityfocus.com/bid/37227

Updated on 2015-03-25

Severity

Classification

CVE CVE-2009-4570

CVSS	Base Score: 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N

Related Vulnerabilities

Apache Tomcat Login Constraints Security Bypass Vulnerability
Allaire JRun directory browsing vulnerability
Apache Solr XML External Entity(XXE) Vulnerability-01 Jan-14
APC PowerChute Network Shutdown 'security/applet' Cross Site Scripting Vulnerability
Adobe BlazeDS XML and XML External Entity Injection Vulnerabilities

PhpShop Cross-Site Scripting and SQL Injection Vulnerabilities

Take action and discover your vulnerabilities