vendor:
Shop-Inet V.4
by:
FeDeReR
9.3
CVSS
HIGH
SQL Injection
89
CWE
Product Name: Shop-Inet V.4
Affected Version From: 4
Affected Version To: 4
Patch Exists: YES
Related CWE: CVE-2009-0269
CPE: a:shop-inet:shop-inet_v4
Metasploit:
https://www.rapid7.com/db/vulnerabilities/vmsa-2009-0016-5-updated-service-console-package-kernel-cve-2009-0269/, https://www.rapid7.com/db/vulnerabilities/centos_linux-cve-2009-0269/, https://www.rapid7.com/db/vulnerabilities/suse-cve-2009-0269/, https://www.rapid7.com/db/vulnerabilities/linuxrpm-RHSA-2009-0360/
Other Scripts:
https://www.infosecmatter.com/nessus-plugin-library/?id=35987, https://www.infosecmatter.com/nessus-plugin-library/?id=37337, https://www.infosecmatter.com/nessus-plugin-library/?id=89117, https://www.infosecmatter.com/nessus-plugin-library/?id=38668, https://www.infosecmatter.com/nessus-plugin-library/?id=42870, https://www.infosecmatter.com/nessus-plugin-library/?id=45507, https://www.infosecmatter.com/nessus-plugin-library/?id=108811
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: Windows, Linux, Mac
2009
SHOP-INET V.4 Exploit
SHOP-INET V.4 is prone to an SQL injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. An attacker can exploit this issue to manipulate SQL queries and gain access to unauthorized information.
Mitigation:
Upgrade to the latest version of SHOP-INET V.4
