CVE-2008-3136

UNRATEDJSON export Create alert

Description

SQL injection vulnerability in catalogue.php in AShop Deluxe 4.x allows remote attackers to execute arbitrary SQL commands via the cat parameter.

Affected products

Ashopsoftware / ashop_deluxe4 – 4

References

MISChttp://www.securityfocus.com/bid/30022
EXPLOIThttps://www.exploit-db.com/exploits/5976
VENDOR_ADVISORYhttp://secunia.com/advisories/30902
MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/43537