VYPR

Digishop

by Sum Effect Software

CVEs (3)

  • CVE-2010-4633Dec 30, 2010
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in cart.php in digiSHOP 2.0.2 allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vulnerability than CVE-2005-4614.1.

  • CVE-2006-5164Oct 5, 2006
    risk 0.03cvss epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in cart.php in Sum Effect Software digiSHOP 4.0 allow remote attackers to inject arbitrary web script or HTML via the (1) sortBy or (2) search parameters.

  • CVE-2005-4614Dec 31, 2005
    risk 0.00cvss epss 0.01

    Multiple SQL injection vulnerabilities in digiSHOP 3.1.17 and earlier allow remote attackers to execute arbitrary SQL commands or obtain the full installation path via (1) the c parameter in cart.php and (2) unspecified search module parameters.