Vulnerabilities > CVE-2007-0133 - SQL-Injection vulnerability in iG Shop

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

igeneric

exploit available

NVD

Published: 2007-01-09

Updated: 2011-03-08

Summary

Multiple SQL injection vulnerabilities in display_review.php in iGeneric iG Shop 1.4 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id or (2) user_login_cookie parameter.

Vulnerable Configurations

Part	Description	Count
Application	Igeneric Igeneric IG Shop *	1

Exploit-Db

description	iG Shop 1.0 (eval/sql injection) Multiple Remote Vulnerabilities. CVE-2007-0132,CVE-2007-0133,CVE-2007-0134. Webapps exploit for php platform
file	exploits/php/webapps/3083.txt
id	EDB-ID:3083
last seen	2016-01-31
modified	2007-01-05
platform	php
port
published	2007-01-05
reporter	Michael Brooks
source	https://www.exploit-db.com/download/3083/
title	ig shop 1.0 eval/SQL Injection Multiple Vulnerabilities
type	webapps

Summary

Vulnerable Configurations

Exploit-Db

References