Vulnerabilities > CVE-2004-0348 - Multiple vulnerability in Spidersales 2.0

CVSS 10.0 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

network

low complexity

spidersales

critical

nessus

exploit available

NVD

Published: 2004-11-23

Updated: 2017-07-11

Summary

SQL injection vulnerability in viewCart.asp in SpiderSales shopping cart software allows remote attackers to execute arbitrary SQL via the userId parameter.

Vulnerable Configurations

Part	Description	Count
Application	Spidersales Spidersales Spidersales 2.0	1

Exploit-Db

description	SpiderSales 2.0 Shopping Cart Multiple Vulnerabilities. CVE-2004-0348. Webapps exploit for asp platform
id	EDB-ID:23791
last seen	2016-02-02
modified	2004-03-03
published	2004-03-03
reporter	Nick Gudov
source	https://www.exploit-db.com/download/23791/
title	SpiderSales 2.0 Shopping Cart Multiple Vulnerabilities

Nessus

NASL family	CGI abuses
NASL id	SPIDERSALES_SQL_INJECTION.NASL
description	The remote host is running the SpiderSales Shopping Cart CGI suite. There is a bug in this suite which may allow an attacker to force it to execute arbitrary SQL statements on the remote host. An attacker may use this flaw to gain the control of the remote website and possibly execute arbitrary commands on the remote host.
last seen	2020-06-01
modified	2020-06-02
plugin id	12088
published	2004-03-04
reporter	This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/12088
title	SpiderSales Shopping Cart SQL injection

Summary

Vulnerable Configurations

Exploit-Db

Nessus

References