Vulnerability Description
Direct static code injection vulnerability in includes/admin/sub/conf_appearence.php in Shop-Script FREE 2.0 and earlier allows remote attackers to inject arbitrary PHP code into cfg/appearence.inc.php via a save_appearence action in admin.php, as demonstrated with the (1) productscount, (2) colscount, and (3) darkcolor parameters.
CVSS Score
7.5 (HIGH)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Shop-Script | Shop-Script | 2.0 |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/26840
- http://www.securityfocus.com/bid/25695
- https://www.exploit-db.com/exploits/4419
FAQ
What is CVE-2007-4933?
CVE-2007-4933 is a vulnerability with a CVSS score of 7.5 (HIGH). Direct static code injection vulnerability in includes/admin/sub/conf_appearence.php in Shop-Script FREE 2.0 and earlier allows remote attackers to inject arbitrary PHP code into cfg/appearence.inc.ph...
How severe is CVE-2007-4933?
CVE-2007-4933 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2007-4933?
Check the references section above for vendor advisories and patch information. Affected products include: Shop-Script Shop-Script.