Vulnerabilities > CVE-2007-0056 - Unspecified vulnerability in Ashopsoftware Ashop Administration Panel and Ashop Deluxe
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN ashopsoftware
exploit available
Summary
Multiple cross-site scripting (XSS) vulnerabilities in AShop Deluxe 4.5 and AShop Administration Panel allow remote attackers to inject arbitrary web script or HTML via the (1) cat parameter to (a) ashop/catalogue.php and (b) ashop/basket.php, the (2) exp parameter to ashop/catalogue.php, the (3) searchstring parameter to (c) ashop/search.php, the (4) checkout and (5) action parameters to (d) ashop/shipping.php, the cat parameter to (f) cart-path/admin/editcatalogue.php, and the (7) resultpage parameter to (g) cart-path/admin/salesadmin.php.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 2 |
Exploit-Db
description AShop Deluxe 4.5 admin/salesadmin.php resultpage Parameter XSS. CVE-2007-0056. Webapps exploit for php platform id EDB-ID:29382 last seen 2016-02-03 modified 2007-01-02 published 2007-01-02 reporter Hackers Center Security source https://www.exploit-db.com/download/29382/ title AShop Deluxe 4.5 admin/salesadmin.php resultpage Parameter XSS description AShop Deluxe 4.5 ashop/catalogue.php Multiple Parameter XSS. CVE-2007-0056. Webapps exploit for php platform id EDB-ID:29377 last seen 2016-02-03 modified 2007-01-02 published 2007-01-02 reporter Hackers Center Security source https://www.exploit-db.com/download/29377/ title AShop Deluxe 4.5 ashop/catalogue.php Multiple Parameter XSS description AShop Deluxe 4.5 shipping.php Multiple Parameter XSS. CVE-2007-0056. Webapps exploit for php platform id EDB-ID:29380 last seen 2016-02-03 modified 2007-01-02 published 2007-01-02 reporter Hackers Center Security source https://www.exploit-db.com/download/29380/ title AShop Deluxe 4.5 shipping.php Multiple Parameter XSS description AShop Deluxe 4.5 ashop/basket.php cat Parameter XSS. CVE-2007-0056. Webapps exploit for php platform id EDB-ID:29378 last seen 2016-02-03 modified 2007-01-02 published 2007-01-02 reporter Hackers Center Security source https://www.exploit-db.com/download/29378/ title AShop Deluxe 4.5 ashop/basket.php cat Parameter XSS description AShop Deluxe 4.5 ashop/search.php searchstring Parameter XSS. CVE-2007-0056. Webapps exploit for php platform id EDB-ID:29379 last seen 2016-02-03 modified 2007-01-02 published 2007-01-02 reporter Hackers Center Security source https://www.exploit-db.com/download/29379/ title AShop Deluxe 4.5 ashop/search.php searchstring Parameter XSS description AShop Deluxe 4.5 admin/editcatalogue.php cat Parameter XSS. CVE-2007-0056. Webapps exploit for php platform id EDB-ID:29381 last seen 2016-02-03 modified 2007-01-02 published 2007-01-02 reporter Hackers Center Security source https://www.exploit-db.com/download/29381/ title AShop Deluxe 4.5 admin/editcatalogue.php cat Parameter XSS
References
- http://osvdb.org/32553
- http://osvdb.org/32554
- http://osvdb.org/32555
- http://osvdb.org/32556
- http://osvdb.org/32557
- http://osvdb.org/32558
- http://secunia.com/advisories/23547
- http://securityreason.com/securityalert/2091
- http://www.securityfocus.com/archive/1/455629/100/0/threaded
- http://www.securityfocus.com/bid/21845
- http://www.vupen.com/english/advisories/2007/0028
- https://exchange.xforce.ibmcloud.com/vulnerabilities/31178
- http://osvdb.org/32553
- https://exchange.xforce.ibmcloud.com/vulnerabilities/31178
- http://www.vupen.com/english/advisories/2007/0028
- http://www.securityfocus.com/bid/21845
- http://www.securityfocus.com/archive/1/455629/100/0/threaded
- http://securityreason.com/securityalert/2091
- http://secunia.com/advisories/23547
- http://osvdb.org/32558
- http://osvdb.org/32557
- http://osvdb.org/32556
- http://osvdb.org/32555
- http://osvdb.org/32554