Aspindir: >> Shibby Shop Security Vulnerabilities
SQL injection vulnerability in default.asp in sHibby sHop 2.2 and earlier allows remote attackers to execute arbitrary SQL commands via the sayfa parameter.
CVSS Score
7.5
EPSS Score
0.005
Published
2008-06-26
sHibby sHop 2.2 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request to Db/urun.mdb.
CVSS Score
5.0
EPSS Score
0.059
Published
2008-06-26
upgrade.asp in sHibby sHop 2.2 and earlier does not require administrative authentication, which allows remote attackers to update a file or have unspecified other impact via a direct request.
CVSS Score
7.5
EPSS Score
0.047
Published
2008-06-26