FreeWebshop Multiple SQL Injection And Cross Site Scripting Vulnerabilities Network Vulnerability

Summary

FreeWebshop is prone to multiple SQL-injection and cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input. Exploiting these vulnerabilities could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. FreeWebshop 2.2.9 is vulnerable other versions may also be affected.

References

http://www.freewebshop.org
http://www.securityfocus.com/bid/55567

Updated on 2015-03-25

Severity

Classification

CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Alchemy Eye HTTP Command Execution
ArticleFR CMS 'id' Parameter SQL Injection Vulnerability
68designs 68kb Multiple Remote File Include Vulnerabilities
b2ePMS Multiple SQL Injection Vulnerabilities
Apache Struts2 'URL' & 'Anchor' tags Arbitrary Java Method Execution Vulnerabilities

FreeWebshop Multiple SQL Injection and Cross Site Scripting Vulnerabilities

Take action and discover your vulnerabilities