Aspindir Shibby Shop vulnerabilities
3 known vulnerabilities affecting aspindir/shibby_shop.
Total CVEs
3
CISA KEV
0
Public exploits
3
Exploited in wild
0
Severity breakdown
HIGH2MEDIUM1
Vulnerabilities
Page 1 of 1
CVE-2008-2882P3HIGHCVSS 7.5PoC≤ 2.22008-06-26
CVE-2008-2882 [HIGH] CWE-264 CVE-2008-2882: upgrade.asp in sHibby sHop 2.2 and earlier does not require administrative authentication, which all
upgrade.asp in sHibby sHop 2.2 and earlier does not require administrative authentication, which allows remote attackers to update a file or have unspecified other impact via a direct request.
nvd
CVE-2008-2872P3HIGHCVSS 7.5PoC≤ 2.22008-06-26
CVE-2008-2872 [HIGH] CWE-89 CVE-2008-2872: SQL injection vulnerability in default.asp in sHibby sHop 2.2 and earlier allows remote attackers to
SQL injection vulnerability in default.asp in sHibby sHop 2.2 and earlier allows remote attackers to execute arbitrary SQL commands via the sayfa parameter.
nvd
CVE-2008-2873P3MEDIUMCVSS 5.0PoC≤ 2.22008-06-26
CVE-2008-2873 [MEDIUM] CWE-264 CVE-2008-2873: sHibby sHop 2.2 and earlier stores sensitive information under the web root with insufficient access
sHibby sHop 2.2 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request to Db/urun.mdb.
nvd