CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2006-2980

SQL injection vulnerability in block_forum_topic_new.php in ViArt Shop Free 2.5.5, and possibly other distributions including Light, Standard, and Enterprise, might allow remote attackers to execute arbitrary SQL commands via unknown vectors, probably involving the forum_id parameter.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.005

EPSS Ranking 64.5%

CVSS Severity

CVSS v2 Score 7.5

References

http://www.attrition.org/pipermail/vim/2006-June/000846.html
http://www.codetosell.com/downloads/xss_fix.zip
https://exchange.xforce.ibmcloud.com/vulnerabilities/27684
http://www.attrition.org/pipermail/vim/2006-June/000846.html
http://www.codetosell.com/downloads/xss_fix.zip
https://exchange.xforce.ibmcloud.com/vulnerabilities/27684

Products affected by CVE-2006-2980

Viart Ltd » Viart Shop Free » Version: 2.5.5_enterprise

cpe:2.3:a:viart_ltd:viart_shop_free:2.5.5_enterprise
Viart Ltd » Viart Shop Free » Version: 2.5.5_light

cpe:2.3:a:viart_ltd:viart_shop_free:2.5.5_light
Viart Ltd » Viart Shop Free » Version: 2.5.5_standard

cpe:2.3:a:viart_ltd:viart_shop_free:2.5.5_standard

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2006-2980

Products

Pricing

Contact Us