Vulnerability CVE-2005-1967


Published: 2005-06-16   Modified: 2012-02-12

Description:
Multiple SQL injection vulnerabilities in ProductCart Ecommerce before 2.7 allow remote attackers to execute arbitrary SQL commands via the (1) idcategory parameter to viewPrd.asp, (2) lid parameter to editCategories.asp, (3) icd parameter to modCustomCardPaymentOpt.asp, or (4) idccr parameter to OptionFieldsEdit.asp.

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVSS Base Score: 7.5/10
Impact Subscore: 6.4/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: Not required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

Affected software:
Early Impact -> ProductCart Ecommerce

References:
http://securitytracker.com/id?1014129
http://echo.or.id/adv/adv16-theday-2005.txt
