Vulnerabilities > CVE-2006-2474 - SQL Injection vulnerability in Cosmoshop 8.10.78

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

cosmoshop

exploit available

NVD

Published: 2006-05-19

Updated: 2018-10-18

Summary

SQL injection vulnerability in lshop.cgi in Cosmoshop 8.11.106 and earlier allows remote attackers to execute arbitrary SQL commands via the artnum parameter.

Vulnerable Configurations

Part	Description	Count
Application	Cosmoshop Cosmoshop Cosmoshop 8.10.78 Cosmoshop Cosmoshop -	2

Exploit-Db

description	Cosmoshop 8.10 .78/8.11.106 Lshop.CGI SQL Injection Vulnerability. CVE-2006-2474. Webapps exploit for cgi platform
id	EDB-ID:27895
last seen	2016-02-03
modified	2006-05-18
published	2006-05-18
reporter	l0om
source	https://www.exploit-db.com/download/27895/
title	Cosmoshop 8.10.78/8.11.106 - Lshop.CGI SQL Injection Vulnerability

References

http://secunia.com/advisories/20177
http://securityreason.com/securityalert/919
http://www.osvdb.org/25649
http://www.securityfocus.com/archive/1/434368/100/0/threaded
http://www.securityfocus.com/bid/18024
https://exchange.xforce.ibmcloud.com/vulnerabilities/26534