Vulnerabilities > Turnkey WEB Tools > Sunshop Shopping Cart > 4.0

DATE	CVE	VULNERABILITY TITLE	RISK
2007-08-30	CVE-2007-4597	SQL Injection vulnerability in Turnkey web Tools Sunshop Shopping Cart 4.0 SQL injection vulnerability in index.php in TurnkeyWebTools SunShop Shopping Cart 4.0 RC 6 allows remote attackers to execute arbitrary SQL commands via the s[cid] parameter in a search_list action, a different vector than CVE-2007-2549. network low complexity turnkey-web-tools CWE-89	7.5
2007-05-09	CVE-2007-2549	SQL-Injection vulnerability in Turnkey web Tools Sunshop Shopping Cart 4.0 SQL injection vulnerability in index.php in TurnkeyWebTools SunShop Shopping Cart 4.0 allows remote attackers to execute arbitrary SQL commands via the (1) c or (2) quantity parameter. network low complexity turnkey-web-tools	7.5
2007-05-09	CVE-2007-2548	Input Validation vulnerability in Turnkey web Tools Sunshop Shopping Cart 4.0 Unspecified vulnerability in index.php in TurnkeyWebTools SunShop Shopping Cart 4.0 has unknown impact and an l remote attack vector, related to "Cookie Manipulation." network low complexity turnkey-web-tools	6.4
2007-05-09	CVE-2007-2547	Input Validation vulnerability in Turnkey web Tools Sunshop Shopping Cart 4.0 Cross-site scripting (XSS) vulnerability in index.php in TurnkeyWebTools SunShop Shopping Cart 4.0 allows remote attackers to inject arbitrary web script or HTML via the l parameter. network turnkey-web-tools	4.3

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.