CVE Tools

freewebshop

Web & CMS Pluginscommercial

10

Cumulative CVEs

6

Monthly snapshots

#17

Peak rank

Top products

Latest CVEs

The 10 most recently published vulnerabilities affecting freewebshop.

CVE-2011-5147Static code injection vulnerability in ajax_save_name.php in the Ajax File Manager module in the tinymce plugin in FreeWebshop 2.2.9 R2 and earlier allows remote attackers to inject arbitrary PHP c...5.0Aug 31, 2012
CVE-2009-2338Directory traversal vulnerability in includes/startmodules.inc.php in FreeWebshop.org 2.2.9 R2, when register_globals is enabled, allows remote attackers to include and execute arbitrary local file...6.8Jul 7, 2009
CVE-2007-6711Unspecified vulnerability in customer.php in FreeWebshop.org 2.2.5, 2.2.6 and 2.2.7WIP1/2 allows remote attackers to gain administrator privileges via unknown vectors.10.0Mar 24, 2008
CVE-2007-6466Multiple SQL injection vulnerabilities in index.php in FreeWebshop 2.2.1 allow remote attackers to execute arbitrary SQL commands via (1) the prod parameter in a details action, (2) the cat paramet...7.5Dec 20, 2007
CVE-2007-0531PHP remote file inclusion vulnerability in includes/login.php in FreeWebShop 2.2.3 and 2.2.4 before 20070123 allows remote attackers to execute arbitrary PHP code via a URL in the lang_file parameter.7.5Jan 26, 2007
CVE-2006-6941index.php in FreeWebshop 2.2.2 and earlier allows remote attackers to obtain sensitive information via an invalid action parameter in an info operation, which discloses the path in an error message.5.0Jan 19, 2007
CVE-2006-5847Cross-site scripting (XSS) vulnerability in index.php in FreeWebshop 2.2.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the cat parameter.6.1Nov 10, 2006
CVE-2006-5846Directory traversal vulnerability in index.php in FreeWebshop 2.2.2 and earlier allows remote attackers to read and include arbitrary files via a .. (dot dot) in the page parameter, a different vec...6.4Nov 10, 2006
CVE-2006-5773Directory traversal vulnerability in index.php in FreeWebshop 2.2.1 and earlier allows remote attackers to read arbitrary files and disclose the installation path via a .. (dot dot) in the action p...5.0Nov 6, 2006
CVE-2006-5772Multiple SQL injection vulnerabilities in index.php in FreeWebshop 2.2.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) password and (2) prod parameter.7.5Nov 6, 2006