Unrated severityNVD Advisory· Published Jan 9, 2007· Updated Apr 23, 2026

CVE-2007-0134

Description

Multiple eval injection vulnerabilities in iGeneric iG Shop 1.0 allow remote attackers to execute arbitrary code via the action parameter, which is supplied to an eval function call in (1) cart.php and (2) page.php. NOTE: a later report and CVE analysis indicate that the vulnerability is present in 1.4.

Affected products

Igeneric/Ig Shop2 versions
cpe:2.3:a:igeneric:ig_shop:1.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:igeneric:ig_shop:1.0:*:*:*:*:*:*:*
- cpe:2.3:a:igeneric:ig_shop:1.4:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

packetstormsecurity.nl/0701-exploits/igshop10-multiple.txtnvdExploit
secunia.com/advisories/23604nvdVendor Advisory
www.vupen.com/english/advisories/2007/0056nvdVendor Advisory
osvdb.org/33387nvd
osvdb.org/33388nvd
www.attrition.org/pipermail/vim/2007-June/001664.htmlnvd
www.securityfocus.com/archive/1/456043/100/0/threadednvd
www.securityfocus.com/archive/1/471722/100/0/threadednvd
www.securityfocus.com/bid/21875nvd
exchange.xforce.ibmcloud.com/vulnerabilities/31301nvd
www.exploit-db.com/exploits/3083nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.011
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000