JVNDB-2007-000088

Shopping Basket Professional vulnerable to OS command injection

Overview

Shopping Basket Professional, provided by CGI RESCUE, does not properly validate input data, which allows a remote attacker to inject arbitrary OS commands.

CVSS Severity

CVSS V2 Severity:
Base Metrics 7.5 (High) [IPA Score]
  • Access Vector: Network
  • Access Complexity: Low
  • Authentication: None
  • Confidentiality Impact: Partial
  • Integrity Impact: Partial
  • Availability Impact: Partial

Affected Products

CGI RESCUE
  • Shopping Basket Pro v7.50 and earlier

Impact

A remote attacker could execute an arbitrary OS command on the server where Shopping Basket Professional v7 is installed.

Solution

Vendor Information

CGI RESCUE

CWE

CVE

  1. CVE-2007-0565

References

  1. JVN : JVN#82258242
  2. National Vulnerability Database (NVD) : CVE-2007-0565
  3. Secunia Advisory : SA23909

Revision History

  • [2008/05/21]
      Web page published