Vulnerability CVE-2003-1268
Published: 2003-12-31   Modified: 2012-02-12

Description:
Multiple SQL injection vulnerabilities in (1) addcustomer.asp, (2) addprod.asp, and (3) process.asp in a.shopKart 2.0.3 allow remote attackers to execute arbitrary SQL and obtain sensitive information via the zip, state, country, phone, and fax parameters.

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.5/10
6.4/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial
Affected software
Urlogy -> A.shop.kart 

 References:
http://www.securityfocus.com/bid/6558
http://www.securityfocus.com/archive/1/305685
http://www.iss.net/security_center/static/11029.php
http://www.centaura.com.ar/infosec/adv/ashopkart.txt
http://www.securitytracker.com/id?1005903
http://www.osvdb.org/37038
http://www.osvdb.org/37037
http://www.osvdb.org/37036
http://secunia.com/advisories/7838
Copyright 2024, cxsecurity.com

 

Back to Top