MidnightBSD

Advisories for kansok_communications

CVE-2006-1706 HIGH

Multiple SQL injection vulnerabilities in Shopweezle 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) itemID parameter to (a) login.php and (b) memo.php; and the (2) itemgr, (3) brandID, and (4) album parameters to (c) index.php. NOTE: this issue also produces resultant full path disclosure from invalid SQL queries.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
kansok_communications shopweezle 2.0_professional_plus
kansok_communications shopweezle 2.0_professional
kansok_communications shopweezle 2.0_personal
kansok_communications shopweezle 2.0
CVE-2006-1707 MEDIUM

index.php in Shopweezle 2.0 allows remote attackers to include arbitrary local files via the url parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
kansok_communications shopweezle 2.0_professional_plus
kansok_communications shopweezle 2.0_professional
kansok_communications shopweezle 2.0_personal
kansok_communications shopweezle 2.0