vendor:
EEGshop
by:
Securitylab.ir
8.8
CVSS
HIGH
SQL Injection
89
CWE
Product Name: EEGshop
Affected Version From: 1.2
Affected Version To: 1.2
Patch Exists: YES
Related CWE: N/A
CPE: a:eegshop:eegshop:1.2
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2020
EEGshop 1.2 Vulnerability
A SQL injection vulnerability was discovered in EEGshop 1.2. An attacker can exploit this vulnerability to gain access to the database and extract sensitive information. The vulnerability exists due to insufficient sanitization of user-supplied input in the 'shhr_inc.asp' script. An attacker can send a specially crafted HTTP request containing malicious SQL statements to the vulnerable script and execute arbitrary code on the underlying database.
Mitigation:
The vendor has released a patch to address this vulnerability. Users should update to the latest version of EEGshop.