CVE-2006-2053

Sažetak

Multiple SQL injection vulnerabilities in QuickEStore 7.9 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the OrderID parameter in (a) shipping.cfm and (b) checkout.cfm, (2) ItemID parameter in (c) proddetail.cfm, (3) SubCatID parameter in (d) index.cfm, the (4) CategoryID parameter in (e) prodpage.cfm, and (5) ProdID parameter in (f) Details.cfm. NOTE: these issues can also be exploited for path disclosure.

Reference

http://pridels0.blogspot.com/2006/04/quickestore-79-vuln.html
http://secunia.com/advisories/19817
http://www.osvdb.org/24976
http://www.osvdb.org/24977
http://www.osvdb.org/24978
http://www.osvdb.org/24979
http://www.osvdb.org/24980
http://www.vupen.com/english/advisories/2006/1514
https://exchange.xforce.ibmcloud.com/vulnerabilities/26045

CVSS

Base:	6.4
Impact:	4.9
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	NONE

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:P/A:N

Zadnje važnije ažuriranje

20-07-2017 - 01:31

Objavljeno

26-04-2006 - 20:06