admin.php in Maran PHP Shop allows remote attackers to bypass authentication and gain administrative access by setting the user cookie to "demo."
Max CVSS
7.5
EPSS Score
1.66%
Published
2009-02-26
Updated
2017-09-29
SQL injection vulnerability in prodshow.php in Maran PHP Shop allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2008-4879.
Max CVSS
7.5
EPSS Score
0.12%
Published
2008-11-04
Updated
2017-09-29
SQL injection vulnerability in prod.php in Maran PHP Shop allows remote attackers to execute arbitrary SQL commands via the cat parameter, a different vector than CVE-2008-4880.
Max CVSS
7.5
EPSS Score
0.14%
Published
2008-11-04
Updated
2017-09-29
3 vulnerabilities found