CVE-2004-0300 - Multiple vulnerabilities in Ecommerce Corporation Online Store KIT 3.0Lite/3.0Pro/3.0Standard
Attack vector | NETWORK |
Attack complexity | LOW |
Privileges required | NONE |
Confidentiality impact | COMPLETE |
Integrity impact | COMPLETE |
Availability impact | COMPLETE |
Summary
SQL injection vulnerability in Online Store Kit 3.0 allows remote attackers to inject arbitrary SQL and gain unauthorized access via (1) the cat parameter in shop.php, (2) the id parameter in more.php, (3) the cat_manufacturer parameter in shop_by_brand.php, or (4) the id parameter in listing.php.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 3 |
Exploit-DB
description | Ecommerce Corporation Online Store Kit 3.0 listing.php id Parameter SQL Injection. CVE-2004-0300. Webapps exploit for php platform |
id | EDB-ID:23720 |
last seen | 2016-02-02 |
modified | 2004-02-18 |
published | 2004-02-18 |
reporter | G00db0y |
source | https://www.exploit-db.com/download/23720/ |
title | Ecommerce Corporation Online Store Kit 3.0 listing.php id Parameter SQL Injection |

description | Ecommerce Corporation Online Store Kit 3.0 shop_by_brand.php cat_manufacturer Parameter SQL Injection. CVE-2004-0300. Webapps exploit for php platform |
id | EDB-ID:23719 |
last seen | 2016-02-02 |
modified | 2004-02-18 |
published | 2004-02-18 |
reporter | G00db0y |
source | https://www.exploit-db.com/download/23719/ |
title | Ecommerce Corporation Online Store Kit 3.0 shop_by_brand.php cat_manufacturer Parameter SQL Injection |

description | Ecommerce Corporation Online Store Kit 3.0 More.PHP id Parameter SQL Injection. CVE-2004-0300. Webapps exploit for php platform |
id | EDB-ID:23711 |
last seen | 2016-02-02 |
modified | 2003-02-17 |
published | 2003-02-17 |
reporter | David Sopas Ferreira |
source | https://www.exploit-db.com/download/23711/ |
title | Ecommerce Corporation Online Store Kit 3.0 More.PHP id Parameter SQL Injection |

description | Ecommerce Corporation Online Store Kit 3.0 shop.php cat Parameter SQL Injection. CVE-2004-0300. Webapps exploit for php platform |
id | EDB-ID:23718 |
last seen | 2016-02-02 |
modified | 2004-02-18 |
published | 2004-02-18 |
reporter | G00db0y |
source | https://www.exploit-db.com/download/23718/ |
title | Ecommerce Corporation Online Store Kit 3.0 shop.php cat Parameter SQL Injection |
Nessus
NASL family | CGI abuses |
NASL id | ECOMMERCE_CORP_SQL_INJECTION.NASL |
description | The remote host is running Ecommerce Corporation Online Store Kit, a web-based e-commerce CGI suite. There is a SQL injection vulnerability in the |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 12062 |
published | 2004-02-17 |
reporter | This script is Copyright (C) 2004-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/12062 |
title | Ecommerce Corp. Online Store Kit 3.0 Multiple Vulnerabilities |
References
- http://marc.info/?l=bugtraq&m=107712117913185&w=2
- http://secunia.com/advisories/10902/
- http://securitytracker.com/alerts/2004/Feb/1009092.html
- http://www.osvdb.org/3973
- http://www.securityfocus.com/bid/9676
- http://www.securityfocus.com/bid/9687
- http://www.systemsecure.org/advisories/ssadvisory16022004.php
- http://www.zone-h.org/en/advisories/read/id=3972/
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15232