1. Home
  2. CVE Database
  3. CVE-2007-4121
HIGH · 10.0

CVE-2007-4121

Multiple SQL injection vulnerabilities in admin.aspx in E-Commerce Scripts Shopping Cart Script, Multi-Vendor E-Shop Script, and Auction Script allow remote attackers to execute arbitrary SQL commands...

Vulnerability Description

Multiple SQL injection vulnerabilities in admin.aspx in E-Commerce Scripts Shopping Cart Script, Multi-Vendor E-Shop Script, and Auction Script allow remote attackers to execute arbitrary SQL commands via the (1) EmailAdd (Username) and (2) Pass (password) parameters. NOTE: some of these details are obtained from third party information.

CVSS Score

10.0

HIGH

AV:N/AC:L/Au:N/C:C/I:C/A:C
Confidentiality
COMPLETE
Integrity
COMPLETE
Availability
COMPLETE

Affected Products

VendorProductVersions
E-Commerce SolutionsAuction ScriptAll versions
E-Commerce SolutionsMulti-Vendor E-Shop ScriptAll versions
E-Commerce SolutionsShopping Cart ScriptAll versions

References

FAQ

What is CVE-2007-4121?

CVE-2007-4121 is a vulnerability with a CVSS score of 10.0 (HIGH). Multiple SQL injection vulnerabilities in admin.aspx in E-Commerce Scripts Shopping Cart Script, Multi-Vendor E-Shop Script, and Auction Script allow remote attackers to execute arbitrary SQL commands...

How severe is CVE-2007-4121?

CVE-2007-4121 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2007-4121?

Check the references section above for vendor advisories and patch information. Affected products include: E-Commerce Solutions Auction Script, E-Commerce Solutions Multi-Vendor E-Shop Script, E-Commerce Solutions Shopping Cart Script.