Vulnerabilities > Aspindir > Shibby Shop

DATE CVE VULNERABILITY TITLE RISK
2008-06-26 CVE-2008-2882 Permissions, Privileges, and Access Controls vulnerability in Aspindir Shibby Shop
upgrade.asp in sHibby sHop 2.2 and earlier does not require administrative authentication, which allows remote attackers to update a file or have unspecified other impact via a direct request.
network
low complexity
aspindir CWE-264
7.5
2008-06-26 CVE-2008-2873 Permissions, Privileges, and Access Controls vulnerability in Aspindir Shibby Shop
sHibby sHop 2.2 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request to Db/urun.mdb.
network
low complexity
aspindir CWE-264
5.0
2008-06-26 CVE-2008-2872 SQL Injection vulnerability in Aspindir Shibby Shop
SQL injection vulnerability in default.asp in sHibby sHop 2.2 and earlier allows remote attackers to execute arbitrary SQL commands via the sayfa parameter.
network
low complexity
aspindir CWE-89
7.5