Unrated severityNVD Advisory· Published Aug 1, 2007· Updated Apr 23, 2026

CVE-2007-4121

Description

Multiple SQL injection vulnerabilities in admin.aspx in E-Commerce Scripts Shopping Cart Script, Multi-Vendor E-Shop Script, and Auction Script allow remote attackers to execute arbitrary SQL commands via the (1) EmailAdd (Username) and (2) Pass (password) parameters. NOTE: some of these details are obtained from third party information.

Affected products

E Commerce Solutions/Auction Script
cpe:2.3:a:e-commerce_solutions:auction_script:*:*:*:*:*:*:*:*
E Commerce Solutions/Multi Vendor E Shop Script
cpe:2.3:a:e-commerce_solutions:multi-vendor_e-shop_script:*:*:*:*:*:*:*:*
E Commerce Solutions/Shopping Cart Script
cpe:2.3:a:e-commerce_solutions:shopping_cart_script:*:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

outlaw.aria-security.infonvdExploit
secunia.com/advisories/26277nvdVendor Advisory
www.securityfocus.com/bid/25125nvdVendor Advisory
securityreason.com/securityalert/2944nvd
www.securityfocus.com/archive/1/475062/100/0/threadednvd
exchange.xforce.ibmcloud.com/vulnerabilities/35680nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000