CVE-2004-1881 - SQL Injection vulnerability in Cactusoft CactuShop 5.0/5.1
Attack vector | NETWORK |
Attack complexity | LOW |
Privileges required | NONE |
Confidentiality impact | PARTIAL |
Integrity impact | PARTIAL |
Availability impact | PARTIAL |
Summary
SQL injection vulnerability in (1) mailorder.asp or (2) payonline.asp in CactuShop 5.x allows remote attackers to execute arbitrary SQL commands via the strItems parameter.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 2 |
Exploit-Db
description | Cactusoft CactuShop 5.0/5.1 SQL Injection Vulnerability. CVE-2004-1881. Webapps exploit for asp platform |
id | EDB-ID:23898 |
last seen | 2016-02-02 |
modified | 2004-03-31 |
published | 2004-03-31 |
reporter | Nick Gudov |
source | https://www.exploit-db.com/download/23898/ |
title | Cactusoft CactuShop 5.0/5.1 - SQL Injection Vulnerability |
Nessus
NASL family | CGI abuses |
NASL id | CACTUSHOP_MULTIPLE_FLAWS.NASL |
description | The remote host runs CactuShop, an e-commerce web application written in ASP. The remote version of this software is vulnerable to cross-site scripting due to a lack of sanitization of user-supplied-data in the script |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 15461 |
published | 2004-10-12 |
reporter | This script is Copyright (C) 2004-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/15461 |
title | CactuShop 5.x Multiple Remote Vulnerabilities (XSS, SQLi) |
References
- http://marc.info/?l=bugtraq&m=108075059013762&w=2
- http://secunia.com/advisories/11272
- http://securitytracker.com/id?1009601
- http://www.osvdb.org/4785
- http://www.osvdb.org/4786
- http://www.securityfocus.com/bid/10019
- http://www.s-quadra.com/advisories/Adv-20040331.txt
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15686