CVE-2007-4932

Published: Sep 18, 2007Modified: Apr 23, 2026

7.5

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability: 10.0 / Impact: 6.4

Source: NVD

Description

admin.php in Shop-Script FREE 2.0 and earlier sends a redirect to the web browser but does not exit when administrative credentials are missing, which allows remote attackers to access the admin panel.

Affected (1)

Products: Shop Script: Shop Script

Shop Script

1 product

Shop Script

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Shop Script Shop Script	Up to 2.0

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (10)

http://osvdb.org/40149

Source: cve@mitre.org

http://secunia.com/advisories/26840

Source: cve@mitre.org

http://www.securityfocus.com/bid/25695

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/36646

Source: cve@mitre.org

https://www.exploit-db.com/exploits/4419

Source: cve@mitre.org

http://osvdb.org/40149