CVE

Id
32999  
CVE No.
CVE-2008-2882  
Status
Candidate  
Description
upgrade.asp in sHibby sHop 2.2 and earlier does not require administrative authentication, which allows remote attackers to update a file or have unspecified other impact via a direct request.  
Phase
Assigned (20080626)  
Votes
None (candidate not yet proposed)  
Comments
 

Actions

Related CVE References

Id CVE Id CVE No. Reference Actions
358245 32999 CVE-2008-2882 MILW0RM:5895  View
358246 32999 CVE-2008-2882 URL:http://milw0rm.com/exploits/5895  View
358247 32999 CVE-2008-2882 SECUNIA:30787  View
358248 32999 CVE-2008-2882 URL:http://secunia.com/advisories/30787  View
358249 32999 CVE-2008-2882 SREASON:3962  View
358250 32999 CVE-2008-2882 URL:http://securityreason.com/securityalert/3962  View
358251 32999 CVE-2008-2882 XF:shibbyshop-upgrade-urun-unauth-access(43296)  View

Related JVN

Id JVN No. Title Summary CVE No. CVE Id CVSS_v2 CVSS_v3 JVN URL Actions
49274 JVNDB-2008-004584 Jamroom における PHP リモートファイルインクルージョンの脆弱性 Jamroom の include/plugins/jrBrowser/purchase.php には、register_globals が有効になっている際、PHP リモートファイルインクルージョンの脆弱性が存在します。 CVE-2008-2886 32999 9.3 http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-004584.html  View