Igeneric
Products
3- 4 CVEs
- 1 CVE
- 1 CVE
Recent CVEs
6| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2007-0134 | 0.04 | — | 0.14 | Jan 9, 2007 | Multiple eval injection vulnerabilities in iGeneric iG Shop 1.0 allow remote attackers to execute arbitrary code via the action parameter, which is supplied to an eval function call in (1) cart.php and (2) page.php. NOTE: a later report and CVE analysis indicate that the vulnerability is present in 1.4. | ||
| CVE-2007-2717 | 0.03 | — | 0.00 | May 16, 2007 | SQL injection vulnerability in shop/page.php in iGeneric (iG) Shop 1.4 allows remote attackers to execute arbitrary SQL commands via the type_id[] parameter, a different vector than CVE-2005-0537. | ||
| CVE-2007-0130 | 0.03 | — | 0.02 | Jan 9, 2007 | SQL injection vulnerability in user.php in iGeneric iG Calendar 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||
| CVE-2007-0133 | 0.03 | — | 0.00 | Jan 9, 2007 | Multiple SQL injection vulnerabilities in display_review.php in iGeneric iG Shop 1.4 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id or (2) user_login_cookie parameter. | ||
| CVE-2007-0132 | 0.03 | — | 0.03 | Jan 9, 2007 | SQL injection vulnerability in compare_product.php in iGeneric iG Shop 1.4 allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||
| CVE-2005-0537 | 0.00 | — | 0.00 | Feb 21, 2005 | Multiple SQL injection vulnerabilities in page.php for iGeneric (iG) Shop 1.2 may allow remote attackers to execute arbitrary SQL statements via the (1) cats, (2) l_price, or (3) u_price parameters. |
- CVE-2007-0134Jan 9, 2007risk 0.04cvss —epss 0.14
Multiple eval injection vulnerabilities in iGeneric iG Shop 1.0 allow remote attackers to execute arbitrary code via the action parameter, which is supplied to an eval function call in (1) cart.php and (2) page.php. NOTE: a later report and CVE analysis indicate that the vulnerability is present in 1.4.
- CVE-2007-2717May 16, 2007risk 0.03cvss —epss 0.00
SQL injection vulnerability in shop/page.php in iGeneric (iG) Shop 1.4 allows remote attackers to execute arbitrary SQL commands via the type_id[] parameter, a different vector than CVE-2005-0537.
- CVE-2007-0130Jan 9, 2007risk 0.03cvss —epss 0.02
SQL injection vulnerability in user.php in iGeneric iG Calendar 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
- CVE-2007-0133Jan 9, 2007risk 0.03cvss —epss 0.00
Multiple SQL injection vulnerabilities in display_review.php in iGeneric iG Shop 1.4 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id or (2) user_login_cookie parameter.
- CVE-2007-0132Jan 9, 2007risk 0.03cvss —epss 0.03
SQL injection vulnerability in compare_product.php in iGeneric iG Shop 1.4 allows remote attackers to execute arbitrary SQL commands via the id parameter.
- CVE-2005-0537Feb 21, 2005risk 0.00cvss —epss 0.00
Multiple SQL injection vulnerabilities in page.php for iGeneric (iG) Shop 1.2 may allow remote attackers to execute arbitrary SQL statements via the (1) cats, (2) l_price, or (3) u_price parameters.