CRITICAL
Modified
CVE published 2017-02-15
CVE-2016-3694
CVE-2016-3694 is a critical SQL injection vulnerability in modified eCommerce Shopsoftware 2.0.0.0 revision 9678. The issue affects api/easybill/easybillcsv.php and can be triggered through the orders_status or customers_status parameters when the easybill-module is not installed. NVD rates the issue as CVSS 3.0 9.8 (Critical), reflecting unauthenticated network reachability and the potential for full com [truncated]