CVE-2007-3447
Published 2007-06-27
Priority P336 | medium | 6.8 CVSS 2.0
AV:N/AC:M/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS 1.14% (62.6th percentile)
SQL injection vulnerability in BugMall Shopping Cart 2.5 and earlier allows remote attackers to execute arbitrary SQL commands via the "basic search box." NOTE: 4.0.2 and other versions might also be affected.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| bugmall | shopping_cart | — | — |
No detection rules found.
Exploit-DB
F-PROT AntiVirus 6.2.1.4252 - Malformed Archive Infinite Loop Denial of Service
exploitdb·2008-07-31
CVE-2008-3447 F-PROT AntiVirus 6.2.1.4252 - Malformed Archive Infinite Loop Denial of Service
---
$ /opt/f-prot/fpscan snot.zip
F-PROT Antivirus version 6.2.1.4252 (built: 2008-04-28T16-44-10)
FRISK Software International (C) Copyright 1989-2007
Engine version: 4.4.4.56
Virus signatures: 200806021748d9e53873896ea96bd4e8a470344c25b5
(/opt/f-prot/antivir.def)
Scanning: -
^^ at this point the scanner gets stuck in an infinite loop and will not
finish or continue to other files if told to scan a directory.
If you use F-PROT you probably won't be reading this on account of
your scanner hanging, woops.
--
kokanin
https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/6174.zip (2008-snot.zip.bla)
# milw0rm.com [2008-07-31]
Exploit-DB
bugmall shopping cart 2.5 - SQL Injection / Cross-Site Scripting
exploitdb·2007-06-25
CVE-2007-3448 bugmall shopping cart 2.5 - SQL Injection / Cross-Site Scripting
---
--==+================================================================================+==--
--==+ BUG MALL SHOPPING CART 2.5 AND PRIOR SQL, XSS, DEFAULT LOGINS VULNERABILITIES +==--
--==+================================================================================+==--
AUTHOR: t0pP8uZz & xprog (Excellent Work xprog thanks :D)
SCRIPT DOWNLOAD: http://www.bug-mall.org/downloads/bugmall.zip
ORIGINAL ADVISORY CAN BE FOUND HERE: http://www.h4cky0u.org/viewtopic.php?t=26834
SITE: http://www.bug-mall.org
DORK: Powered by Bug Software intext:Your Cart Contains
EXPLOITS:
EXPLOIT 1: http://www.site.com/BugMallPAth/index.php?msgs=[HTML, JAVASCRIPT]
EXPLOIT 2: The basic search box is vulnerable to sql injection, check
No writeups or analysis indexed.
http://osvdb.org/38223
http://secunia.com/advisories/25836
http://www.h4cky0u.org/viewtopic.php?t=26834
http://www.securityfocus.com/bid/24629
http://www.vupen.com/english/advisories/2007/2322
https://exchange.xforce.ibmcloud.com/vulnerabilities/35039
https://www.exploit-db.com/exploits/4103