CVE-2007-0056

AShop Deluxe 4.5 and AShop Administration Panel - Cross-Site Scripting via Multiple Parameters

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 6 public exploits for CVE-2007-0056. PoCs published by Hackers Center Security.

AI-analyzed exploit summary The provided text describes a cross-site scripting (XSS) vulnerability in AShop Deluxe and AShop Administration Panel, where user-supplied input is not sufficiently sanitized. It includes example URLs demonstrating how an attacker could exploit this vulnerability.

Description

Multiple cross-site scripting (XSS) vulnerabilities in AShop Deluxe 4.5 and AShop Administration Panel allow remote attackers to inject arbitrary web script or HTML via the (1) cat parameter to (a) ashop/catalogue.php and (b) ashop/basket.php, the (2) exp parameter to ashop/catalogue.php, the (3) searchstring parameter to (c) ashop/search.php, the (4) checkout and (5) action parameters to (d) ashop/shipping.php, the cat parameter to (f) cart-path/admin/editcatalogue.php, and the (7) resultpage parameter to (g) cart-path/admin/salesadmin.php.

Exploits (6)

exploitdb WRITEUP VERIFIED
by Hackers Center Security · textwebappsphp
https://www.exploit-db.com/exploits/29380

The provided text describes a cross-site scripting (XSS) vulnerability in AShop Deluxe and AShop Administration Panel, where user-supplied input is not sufficiently sanitized. It includes example URLs demonstrating how an attacker could exploit this vulnerability.

Classification
Writeup 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Theoretical
Target: AShop Deluxe and AShop Administration Panel
No auth needed
Prerequisites: Access to the vulnerable web application
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WRITEUP VERIFIED
by Hackers Center Security · textwebappsphp
https://www.exploit-db.com/exploits/29379

The provided text describes a cross-site scripting (XSS) vulnerability in AShop Deluxe and AShop Administration Panel, where user-supplied input is not properly sanitized. The example URL demonstrates how an attacker could inject arbitrary script code via the 'searchstring' parameter.

Classification
Writeup 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target: AShop Deluxe and AShop Administration Panel
No auth needed
Prerequisites: Access to the vulnerable search.php endpoint
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WRITEUP VERIFIED
by Hackers Center Security · textwebappsphp
https://www.exploit-db.com/exploits/29382

The provided text describes a cross-site scripting (XSS) vulnerability in AShop Deluxe and AShop Administration Panel. It includes a sample URL demonstrating the vulnerability but lacks executable exploit code.

Classification
Writeup 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Theoretical
Target: AShop Deluxe and AShop Administration Panel
No auth needed
Prerequisites: Access to the vulnerable URL parameter
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WRITEUP VERIFIED
by Hackers Center Security · textwebappsphp
https://www.exploit-db.com/exploits/29381

The provided text describes a cross-site scripting (XSS) vulnerability in AShop Deluxe and AShop Administration Panel. It explains the issue and provides an example URL to demonstrate the vulnerability.

Classification
Writeup 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Theoretical
Target: AShop Deluxe and AShop Administration Panel
No auth needed
Prerequisites: Access to the vulnerable application
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WRITEUP VERIFIED
by Hackers Center Security · textwebappsphp
https://www.exploit-db.com/exploits/29377

The provided text describes a cross-site scripting (XSS) vulnerability in AShop Deluxe and AShop Administration Panel, where user-supplied input is not sufficiently sanitized. It includes example URLs demonstrating the vulnerability but does not contain executable exploit code.

Classification
Writeup 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Theoretical
Target: AShop Deluxe and AShop Administration Panel
No auth needed
Prerequisites: Access to the vulnerable web application
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WRITEUP VERIFIED
by Hackers Center Security · textwebappsphp
https://www.exploit-db.com/exploits/29378

The provided text describes a cross-site scripting (XSS) vulnerability in AShop Deluxe and AShop Administration Panel, where user-supplied input is not properly sanitized. The example URL demonstrates how an attacker could inject arbitrary script code into the 'cat' parameter.

Classification
Writeup 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target: AShop Deluxe and AShop Administration Panel
No auth needed
Prerequisites: Access to the vulnerable application
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (12)

Core 12
Core References
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/23547
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/455629/100/0/threaded
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/21845
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/2091
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/32553
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/32556
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/32554
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/32558
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/31178
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/32555
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/32557
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2007/0028

Scores

EPSS 0.0258
EPSS Percentile 83.2%

Details

Status published
Products (2)
ashopsoftware/ashop_administration_panel
ashopsoftware/ashop_deluxe 4.5
Published Jan 04, 2007
Tracked Since Feb 18, 2026