CVE-2004-1881 - Unspecified vulnerability in Cactusoft Cactushop 5.0/5.1
Attack vector: UNKNOWN
Attack complexity: UNKNOWN
Privileges required: UNKNOWN
Confidentiality impact: UNKNOWN
Integrity impact: UNKNOWN
Availability impact: UNKNOWN
Summary
SQL injection vulnerability in (1) mailorder.asp or (2) payonline.asp in CactuShop 5.x allows remote attackers to execute arbitrary SQL commands via the strItems parameter.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 2 |
Exploit-Db
description | Cactusoft CactuShop 5.0/5.1 SQL Injection Vulnerability. CVE-2004-1881. Webapps exploit for asp platform |
id | EDB-ID:23898 |
last seen | 2016-02-02 |
modified | 2004-03-31 |
published | 2004-03-31 |
reporter | Nick Gudov |
source | https://www.exploit-db.com/download/23898/ |
title | Cactusoft CactuShop 5.0/5.1 - SQL Injection Vulnerability |
Nessus
NASL family | CGI abuses |
NASL id | CACTUSHOP_MULTIPLE_FLAWS.NASL |
description | The remote host runs CactuShop, an e-commerce web application written in ASP. The remote version of this software is vulnerable to cross-site scripting due to a lack of sanitization of user-supplied-data in the script |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 15461 |
published | 2004-10-12 |
reporter | This script is Copyright (C) 2004-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/15461 |
title | CactuShop 5.x Multiple Remote Vulnerabilities (XSS, SQLi) |
References
- http://www.s-quadra.com/advisories/Adv-20040331.txt
- http://securitytracker.com/id?1009601
- http://www.securityfocus.com/bid/10019
- http://www.osvdb.org/4785
- http://www.osvdb.org/4786
- http://secunia.com/advisories/11272
- http://marc.info/?l=bugtraq&m=108075059013762&w=2
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15686