SQL injection vulnerability in prod.php in Maran PHP Shop allows remote attackers to execute arbitrary SQL commands via the cat parameter, a different vector than CVE-2008-4880.
8.3AI Score
0.001EPSS
SQL injection vulnerability in prodshow.php in Maran PHP Shop allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2008-4879.
8.3AI Score
0.001EPSS
admin.php in Maran PHP Shop allows remote attackers to bypass authentication and gain administrative access by setting the user cookie to "demo."
7.4AI Score
0.017EPSS