Vulnerability CVE-2005-2062


Published: 2005-06-29   Modified: 2012-02-12

Description:
Multiple SQL injection vulnerabilities in ActiveBuyAndSell 6.2 allow remote attackers to execute arbitrary SQL commands via the catid parameter to (1) default.asp or (2) buyersend.asp, (3) the Administrator ID field in admin.asp, the E-mail field in (4) advertiserstart.asp or (5) buyer.asp, or (6) the Keyword field in search.asp.

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVSS Base Score: 7.5/10
Impact Subscore: 6.4/10
Exploitability Subscore: 10/10

Exploit range: Remote
Attack complexity: Low
Authentication: Not required

Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

Affected software:
Active web softwares -> Activebuyandsell

 References:
http://www.vupen.com/english/advisories/2007/1096
http://marc.theaimsgroup.com/?l=bugtraq&m=111963341429906&w=2
http://xforce.iss.net/xforce/xfdb/33183
http://www.securityfocus.com/bid/23110
http://www.milw0rm.com/exploits/3550

Copyright 2020, cxsecurity.com

 
