Vulnerabilities > Maran > PHP Shop

DATE CVE VULNERABILITY TITLE RISK
2009-02-26 CVE-2008-6296 Permissions, Privileges, and Access Controls vulnerability in Maran PHP Shop
admin.php in Maran PHP Shop allows remote attackers to bypass authentication and gain administrative access by setting the user cookie to "demo."
network
low complexity
maran CWE-264
7.5
7.5
2008-11-04 CVE-2008-4880 SQL Injection vulnerability in Maran PHP Shop
SQL injection vulnerability in prodshow.php in Maran PHP Shop allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2008-4879.
network
low complexity
maran CWE-89
7.5
7.5
2008-11-04 CVE-2008-4879 SQL Injection vulnerability in Maran PHP Shop
SQL injection vulnerability in prod.php in Maran PHP Shop allows remote attackers to execute arbitrary SQL commands via the cat parameter, a different vector than CVE-2008-4880.
network
low complexity
maran CWE-89
7.5
7.5