Vendor
Powergap
Products
3
CVEs
3
Across products
4
Status
Private
Products
3- 2 CVEs
- 1 CVE
- 1 CVE
Recent CVEs
3| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2006-4236 | 0.04 | — | 0.11 | Aug 21, 2006 | Multiple PHP remote file inclusion vulnerabilities in POWERGAP allow remote attackers to execute arbitrary PHP code via a URL in the (1) shopid parameter to (a) s01.php, (b) s02.php, (c) s03.php, and (d) s04.php; and possibly a URL located after "shopid=" or "sid=" in the PATH_INFO. | ||
| CVE-2008-3561 | 0.03 | — | 0.00 | Aug 10, 2008 | SQL injection vulnerability in s03.php in Powergap Shopsystem, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the ag parameter. | ||
| CVE-2006-1684 | 0.00 | — | 0.00 | Apr 11, 2006 | Unspecified vulnerability in ecotwo Shopsystem 1.0-192 and earlier allows remote attackers to include arbitrary local files via (1) the lang parameter in news.php and (2) other unspecified vectors. |
- CVE-2006-4236Aug 21, 2006risk 0.04cvss —epss 0.11
Multiple PHP remote file inclusion vulnerabilities in POWERGAP allow remote attackers to execute arbitrary PHP code via a URL in the (1) shopid parameter to (a) s01.php, (b) s02.php, (c) s03.php, and (d) s04.php; and possibly a URL located after "shopid=" or "sid=" in the PATH_INFO.
- CVE-2008-3561Aug 10, 2008risk 0.03cvss —epss 0.00
SQL injection vulnerability in s03.php in Powergap Shopsystem, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the ag parameter.
- CVE-2006-1684Apr 11, 2006risk 0.00cvss —epss 0.00
Unspecified vulnerability in ecotwo Shopsystem 1.0-192 and earlier allows remote attackers to include arbitrary local files via (1) the lang parameter in news.php and (2) other unspecified vectors.