Turnkey Web Tools

turnkey_web_tools

11 CVEs • 3 products

Products (3)

Click to collapse

Toggle

Sunshop Shopping Cart

sunshop_shopping_cart

Php Live Helper

php_live_helper

Php Simple Shop

php_simple_shop

CVEs (11)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2007-4597 1Turnkey Web Tools 1Sunshop Shopping Cart Apr 23, 2026 Aug 30, 2007 N/A· v4 N/A· v3 7.5 HIGH· v2 SQL injection vulnerability in index.php in TurnkeyWebTools SunShop Shopping Cart 4.0 RC 6 allows remote attackers to execute arbitrary SQL commands via the s[cid] parameter in a search_list action, a different vector th...Show more SQL injection vulnerability in index.php in TurnkeyWebTools SunShop Shopping Cart 4.0 RC 6 allows remote attackers to execute arbitrary SQL commands via the s[cid] parameter in a search_list action, a different vector than CVE-2007-2549.Show less
CVE-2007-2549 1Turnkey Web Tools 1Sunshop Shopping Cart Apr 23, 2026 May 9, 2007 N/A· v4 N/A· v3 7.5 HIGH· v2 SQL injection vulnerability in index.php in TurnkeyWebTools SunShop Shopping Cart 4.0 allows remote attackers to execute arbitrary SQL commands via the (1) c or (2) quantity parameter.
CVE-2007-2548 1Turnkey Web Tools 1Sunshop Shopping Cart Apr 23, 2026 May 9, 2007 N/A· v4 N/A· v3 6.4 MEDIUM· v2 Unspecified vulnerability in index.php in TurnkeyWebTools SunShop Shopping Cart 4.0 has unknown impact and an l remote attack vector, related to "Cookie Manipulation."
CVE-2007-2547 1Turnkey Web Tools 1Sunshop Shopping Cart Apr 23, 2026 May 9, 2007 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Cross-site scripting (XSS) vulnerability in index.php in TurnkeyWebTools SunShop Shopping Cart 4.0 allows remote attackers to inject arbitrary web script or HTML via the l parameter.
CVE-2007-2474 1Turnkey Web Tools 1Sunshop Shopping Cart Apr 23, 2026 May 2, 2007 N/A· v4 N/A· v3 7.5 HIGH· v2 Multiple PHP remote file inclusion vulnerabilities in Turnkey Web Tools SunShop Shopping Cart 4.0 allow remote attackers to execute arbitrary PHP code via a URL in the abs_path parameter to (1) include/payment/payflow_pr...Show more Multiple PHP remote file inclusion vulnerabilities in Turnkey Web Tools SunShop Shopping Cart 4.0 allow remote attackers to execute arbitrary PHP code via a URL in the abs_path parameter to (1) include/payment/payflow_pro.php, (2) global.php, or (3) libsecure.php, different vectors than CVE-2007-2070.Show less
CVE-2007-2070 1Turnkey Web Tools 1Sunshop Shopping Cart Apr 23, 2026 Apr 18, 2007 N/A· v4 N/A· v3 7.5 HIGH· v2 Multiple PHP remote file inclusion vulnerabilities in Turnkey Web Tools SunShop Shopping Cart before 3.5.1 allow remote attackers to execute arbitrary PHP code via a URL in the abs_path parameter to (1) index.php or (2)...Show more Multiple PHP remote file inclusion vulnerabilities in Turnkey Web Tools SunShop Shopping Cart before 3.5.1 allow remote attackers to execute arbitrary PHP code via a URL in the abs_path parameter to (1) index.php or (2) checkout.php.Show less
CVE-2006-4052 1Turnkey Web Tools 1Php Simple Shop Apr 16, 2026 Aug 10, 2006 N/A· v4 N/A· v3 7.5 HIGH· v2 Multiple PHP remote file inclusion vulnerabilities in Turnkey Web Tools PHP Simple Shop 2.0 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the abs_path parameter to (1) admin/index.php, (2)...Show more Multiple PHP remote file inclusion vulnerabilities in Turnkey Web Tools PHP Simple Shop 2.0 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the abs_path parameter to (1) admin/index.php, (2) admin/adminindex.php, (3) admin/adminglobal.php, (4) admin/login.php, (5) admin/menu.php or (6) admin/header.php.Show less
CVE-2006-4051 1Turnkey Web Tools 1Php Live Helper Apr 16, 2026 Aug 10, 2006 N/A· v4 N/A· v3 7.5 HIGH· v2 PHP remote file inclusion vulnerability in global.php in Turnkey Web Tools PHP Live Helper 2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the abs_path parameter.
CVE-2006-2394 1Turnkey Web Tools 1Php Live Helper Apr 16, 2026 May 16, 2006 N/A· v4 N/A· v3 5.8 MEDIUM· v2 Cross-site scripting (XSS) vulnerability in chat.php in PHP Live Helper allows remote attackers to inject arbitrary web script or HTML via the PHPSESSID parameter.
CVE-2006-1478 1Turnkey Web Tools 1Php Live Helper Apr 16, 2026 Mar 29, 2006 N/A· v4 N/A· v3 7.5 HIGH· v2 Directory traversal vulnerability in (1) initiate.php and (2) possibly other PHP scripts in Turnkey Web Tools PHP Live Helper 1.8, and possibly later versions, allows remote authenticated users to include and execute arb...Show more Directory traversal vulnerability in (1) initiate.php and (2) possibly other PHP scripts in Turnkey Web Tools PHP Live Helper 1.8, and possibly later versions, allows remote authenticated users to include and execute arbitrary local files via directory traversal sequences in the language cookie, as demonstrated by uploading PHP code in a gl_session cookie to users.php, which causes the code to be stored in error.log, which is then included by initiate.php.Show less
CVE-2006-1477 1Turnkey Web Tools 1Php Live Helper Apr 16, 2026 Mar 29, 2006 N/A· v4 N/A· v3 7.5 HIGH· v2 Multiple PHP remote file inclusion vulnerabilities in Turnkey Web Tools PHP Live Helper 1.8 allow remote attackers to include and execute arbitrary PHP code via the abs_path parameter in (1) initiate.php, (2) waiting.php...Show more Multiple PHP remote file inclusion vulnerabilities in Turnkey Web Tools PHP Live Helper 1.8 allow remote attackers to include and execute arbitrary PHP code via the abs_path parameter in (1) initiate.php, (2) waiting.php, (3) welcome.php, (4) admin/index.php, (5) javascript.php, (6) checkchat.php, and (7) blank.php.Show less