CVE-2007-0134 - Secunia Advisories - Vulnerability Information

CVE Reference: CVE-2007-0134
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2007-0134

Description: Multiple eval injection vulnerabilities in iGeneric iG Shop 1.0 allow remote attackers to execute arbitrary code via the action parameter, which is supplied to an eval function call in (1) cart.php and (2) page.php. NOTE: a later report and CVE analysis indicate that the vulnerability is present in 1.4.

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/31301 VIM http://www.attrition.org/pipermail/vim/2007-June/001664.html SAID Secunia Advisory: SA23604 OSVDB 33387 33388 MISC http://packetstormsecurity.nl/0701-exploits/igshop10-multiple.txt MILW0RM http://milw0rm.com/exploits/3083 BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/471722/100/0/threaded http://www.securityfocus.com/archive/1/archive/1/456043/100/0/threaded BID 21875

Return to the previous page.