CVE-2007-4597

TurnkeyWebTools SunShop <4.0 RC 6 - SQL Injection

Title source: llm

Description

SQL injection vulnerability in index.php in TurnkeyWebTools SunShop Shopping Cart 4.0 RC 6 allows remote attackers to execute arbitrary SQL commands via the s[cid] parameter in a search_list action, a different vector than CVE-2007-2549.

Exploits (1)

exploitdb WORKING POC VERIFIED

by k1tk4t · perlwebappsphp

https://www.exploit-db.com/exploits/4313

View Code ZIP pw:eip

References (3)

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/4313

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/25445

[Third Party Advisory, VDB Entry] http://osvdb.org/38440

Scores

EPSS 0.0060

EPSS Percentile 69.6%

Details

CWE

CWE-89

Status published

Products (1)

turnkey_web_tools/sunshop_shopping_cart 4.0 rc_6

Published Aug 30, 2007

Tracked Since Feb 18, 2026