Details of VAR-201901-1702

ID

VAR-201901-1702

TITLE

ShopsN single merchant b2c mall system v2.3.6 has SQL injection vulnerability (CNVD-2018-25890)

Trust: 0.6

sources: CNVD: CNVD-2018-25890

DESCRIPTION

ShopsN single merchant b2c mall system is an open source online shop system developed using PHP + MySQL. There is a SQL injection vulnerability in the cancel_order function of the ShopsN single merchant b2c mall system v2.3.6 Or ***. Class.php file. An attacker can use this vulnerability to obtain the administrator account password.

Trust: 0.6

sources: CNVD: CNVD-2018-25890

IOT TAXONOMY

category:

['IoT']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2018-25890

AFFECTED PRODUCTS

vendor:

e speed network

model:

shopsn single merchant b2c mall system

scope:

version:

v2.3.6

Trust: 0.6

sources: CNVD: CNVD-2018-25890

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2018-25890
value:	MEDIUM
Trust: 0.6

CNVD:	CNVD-2018-25890
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:L/AU:S/C:C/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: CNVD: CNVD-2018-25890

PATCH

title:

Shopsn V2.3.6 has SQL injection vulnerability

url:

https://www.cnvd.org.cn/patchinfo/show/145583

Trust: 0.6

sources: CNVD: CNVD-2018-25890

EXTERNAL IDS

db:

CNVD

id:

CNVD-2018-25890

Trust: 0.6

sources: CNVD: CNVD-2018-25890

SOURCES

db:

CNVD

id:

CNVD-2018-25890

LAST UPDATE DATE

2022-05-04T09:16:36.215000+00:00

SOURCES UPDATE DATE

db:

CNVD

id:

CNVD-2018-25890

date:

2019-02-10T00:00:00

SOURCES RELEASE DATE

db:

CNVD

id:

CNVD-2018-25890

date:

2019-01-11T00:00:00