Vulnerabilities > CVE-2004-0348 - Multiple vulnerability in Spidersales 2.0
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
SQL injection vulnerability in viewCart.asp in SpiderSales shopping cart software allows remote attackers to execute arbitrary SQL via the userId parameter.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Exploit-Db
description | SpiderSales 2.0 Shopping Cart Multiple Vulnerabilities. CVE-2004-0348. Webapps exploit for asp platform |
id | EDB-ID:23791 |
last seen | 2016-02-02 |
modified | 2004-03-03 |
published | 2004-03-03 |
reporter | Nick Gudov |
source | https://www.exploit-db.com/download/23791/ |
title | SpiderSales 2.0 Shopping Cart Multiple Vulnerabilities |
Nessus
NASL family | CGI abuses |
NASL id | SPIDERSALES_SQL_INJECTION.NASL |
description | The remote host is running the SpiderSales Shopping Cart CGI suite. There is a bug in this suite which may allow an attacker to force it to execute arbitrary SQL statements on the remote host. An attacker may use this flaw to gain the control of the remote website and possibly execute arbitrary commands on the remote host. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 12088 |
published | 2004-03-04 |
reporter | This script is Copyright (C) 2004-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/12088 |
title | SpiderSales Shopping Cart SQL injection |