CVE-2007-4121 - Vulnerability Details - OpenCVE

Multiple SQL injection vulnerabilities in admin.aspx in E-Commerce Scripts Shopping Cart Script, Multi-Vendor E-Shop Script, and Auction Script allow remote attackers to execute arbitrary SQL commands via the (1) EmailAdd (Username) and (2) Pass (password) parameters. NOTE: some of these details are obtained from third party information.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
E-commerce Solutions	Auction Script Multi-vendor E-shop Script Shopping Cart Script

Configuration 1 [-]

OR	cpe:2.3:a:e-commerce_solutions:auction_script::::::::
	cpe:2.3:a:e-commerce_solutions:multi-vendor_e-shop_script::::::::
	cpe:2.3:a:e-commerce_solutions:shopping_cart_script::::::::

No data.

References

Link	Providers
http://outlaw.aria-security.info/?p=11
http://secunia.com/advisories/26277
http://securityreason.com/securityalert/2944
http://www.securityfocus.com/archive/1/475062/100/0/threaded
http://www.securityfocus.com/bid/25125
https://exchange.xforce.ibmcloud.com/vulnerabilities/35680

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2007-08-01T16:00:00

Updated: 2024-08-07T14:46:39.346Z

Reserved: 2007-08-01T00:00:00

Link: CVE-2007-4121

Vulnrichment

No data.

NVD

Status : Modified

Published: 2007-08-01T16:17:00.000

Modified: 2024-11-21T00:34:50.017

Link: CVE-2007-4121

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-07-28T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple SQL injection vulnerabilities in admin.aspx in E-Commerce Scripts Shopping Cart Script, Multi-Vendor E-Shop Script, and Auction Script allow remote attackers to execute arbitrary SQL commands via the (1) EmailAdd (Username) and (2) Pass (password) parameters. NOTE: some of these details are obtained from third party information."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-15T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "ecommerce-admin-sql-injection(35680)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35680"}, {"tags": ["x_refsource_MISC"], "url": "http://outlaw.aria-security.info/?p=11"}, {"name": "20070728 E-commerceScripts ALL Apps (Auction Script, Shopping Cart Script and Multi-Vendor E-Shop Script) admin.aspx SQL", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/475062/100/0/threaded"}, {"name": "2944", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/2944"}, {"name": "25125", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/25125"}, {"name": "26277", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/26277"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-4121", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple SQL injection vulnerabilities in admin.aspx in E-Commerce Scripts Shopping Cart Script, Multi-Vendor E-Shop Script, and Auction Script allow remote attackers to execute arbitrary SQL commands via the (1) EmailAdd (Username) and (2) Pass (password) parameters. NOTE: some of these details are obtained from third party information."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "ecommerce-admin-sql-injection(35680)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35680"}, {"name": "http://outlaw.aria-security.info/?p=11", "refsource": "MISC", "url": "http://outlaw.aria-security.info/?p=11"}, {"name": "20070728 E-commerceScripts ALL Apps (Auction Script, Shopping Cart Script and Multi-Vendor E-Shop Script) admin.aspx SQL", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/475062/100/0/threaded"}, {"name": "2944", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/2944"}, {"name": "25125", "refsource": "BID", "url": "http://www.securityfocus.com/bid/25125"}, {"name": "26277", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/26277"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T14:46:39.346Z"}, "title": "CVE Program Container", "references": [{"name": "ecommerce-admin-sql-injection(35680)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35680"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://outlaw.aria-security.info/?p=11"}, {"name": "20070728 E-commerceScripts ALL Apps (Auction Script, Shopping Cart Script and Multi-Vendor E-Shop Script) admin.aspx SQL", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/475062/100/0/threaded"}, {"name": "2944", "tags": ["third-party-advisory", "x_refsource_SREASON", "x_transferred"], "url": "http://securityreason.com/securityalert/2944"}, {"name": "25125", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/25125"}, {"name": "26277", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/26277"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-4121", "datePublished": "2007-08-01T16:00:00", "dateReserved": "2007-08-01T00:00:00", "dateUpdated": "2024-08-07T14:46:39.346Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:e-commerce_solutions:auction_script:*:*:*:*:*:*:*:*", "matchCriteriaId": "4FAB1F70-0B26-468D-BAAD-4A34BFBB02ED", "vulnerable": true}, {"criteria": "cpe:2.3:a:e-commerce_solutions:multi-vendor_e-shop_script:*:*:*:*:*:*:*:*", "matchCriteriaId": "B4FC45F7-9963-48B5-9B3E-6A50E53523AC", "vulnerable": true}, {"criteria": "cpe:2.3:a:e-commerce_solutions:shopping_cart_script:*:*:*:*:*:*:*:*", "matchCriteriaId": "08B07019-26BE-4537-B4AB-DD76B8C87AAF", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Multiple SQL injection vulnerabilities in admin.aspx in E-Commerce Scripts Shopping Cart Script, Multi-Vendor E-Shop Script, and Auction Script allow remote attackers to execute arbitrary SQL commands via the (1) EmailAdd (Username) and (2) Pass (password) parameters. NOTE: some of these details are obtained from third party information."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de inyecci\u00f3n SQL en admin.aspx de E-Commerce Scripts Shopping Cart Script, Multi-Vendor E-Shop Script, y Auction Script permite a atacantes remotos ejecutar comandos sql de su elecci\u00f3n mediante los par\u00e1metros (1) EmailAdd (Username) y (2) Pass (password). NOTA: algunos de estos detalles se han obtenido de informaci\u00f3n de terceros."}], "id": "CVE-2007-4121", "lastModified": "2024-11-21T00:34:50.017", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-08-01T16:17:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://outlaw.aria-security.info/?p=11"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/26277"}, {"source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/2944"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/475062/100/0/threaded"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.securityfocus.com/bid/25125"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35680"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://outlaw.aria-security.info/?p=11"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/26277"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/2944"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/475062/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.securityfocus.com/bid/25125"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35680"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}