Description
Multiple SQL injection vulnerabilities in MH Products Projekt Shop allow remote attackers to execute arbitrary SQL commands via the (1) ts parameter to details.php and possibly the (2) ilceler parameter to index.php.
Exploits (1)
exploitdb
WRITEUP
VERIFIED
by DeadLy DeMon · textwebappsphp
https://www.exploit-db.com/exploits/15773
References (4)
Core 4
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/64205
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/42711
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/45506
Exploit exploit
x_refsource_exploit-db
http://www.exploit-db.com/exploits/15773
Scores
EPSS
0.0013
EPSS Percentile
32.1%
Details
CWE
CWE-89
Status
published
Products (1)
mhproducts/projekt_shop
Published
Sep 27, 2011
Tracked Since
Feb 18, 2026