Free and open-source vulnerability scanner

Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.

Install Now

Available for macOS, Windows, and Linux

CVE-2008-0739

Published

16 years ago

Last Modified

14 years ago

CVSSv2.0 Severity

High

Impact Analysis

Share on Facebook
Share on LinkedIn
Share on Twitter

SQL injection vulnerability in admin/SA_shipFedExMeter.asp in CandyPress (CP) 4.1.1.26, and earlier 4.x and 3.x versions, allows remote attackers to execute arbitrary SQL commands via the FedExAccount parameter..

CVSSv2.0 Score

Severity: High
Base Score: 7.5/10
Exploit Score: 10/10
Access Vector: Network
Access Complexity: Low
Authentication Required: None
Impact Score: 6.4/10
Confidentiality Impact: Partial
Availability Impact: Partial
Integrity Impact: Partial

Products Affected

CPE	Affected	Vulnerable	Excluding	Edit
cpe:2.3:a:shoppingtree:candypress_store:4.1.1.26::::::	Yes	-	-
cpe:2.3:a:shoppingtree:candypress_store::::::::	Yes	-	-

References

http://www.candypress.com/CPforum/forum_posts.asp?TID=10630&PN=1
http://secunia.com/advisories/28662
http://www.vupen.com/english/advisories/2008/0314