Description
SQL injection vulnerability in Cyberstrong eShop 4.2 and earlier allows remote attackers to steal authentication information and gain privileges via the ProductCode parameter in (1) 10expand.asp, (2) 10browse.asp, and (3) 20review.asp.
Exploits (2)
exploitdb
WRITEUP
VERIFIED
https://www.exploit-db.com/exploits/25922
exploitdb
WRITEUP
VERIFIED
https://www.exploit-db.com/exploits/25923
References (10)
Core 10
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/12485
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/10098
Mailing List mailing-list
x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=105709450711395&w=2
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/14103
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/10099
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/14101
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/10100
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://securitytracker.com/id?1007092
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/14112
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/9165
Scores
EPSS
0.0579
EPSS Percentile
90.6%
Details
Status
published
Products (1)
cyberstrong/eshop
< 4.2
Published
Aug 07, 2003
Tracked Since
Feb 18, 2026