Vulnerabilities > CVE-2004-2108 - SQL Injection vulnerability in QuadComm Q-Shop

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

quadcomm

NVD

Published: 2004-12-31

Updated: 2017-07-11

Summary

Multiple SQL injection vulnerabilities in QuadComm Q-Shop allow remote attackers to execute arbitrary SQL commands via certain parameters to (1) search.asp, (2) browse.asp, (3) details.asp, (4) showcat.asp, (5) users.asp, (6) addtomylist.asp, (7) modline.asp, (8) cart.asp, or (9) newuser.asp.

Vulnerable Configurations

Part	Description	Count
Application	Quadcomm Quadcomm Q Shop 2.0 Quadcomm Q Shop 2.1 Quadcomm Q Shop 2.5 Quadcomm Q Shop 2.5_Beta	4

References

http://marc.info/?l=bugtraq&m=107488132208229&w=2
http://secunia.com/advisories/10704
http://securitytracker.com/alerts/2004/Jan/1008837.html
http://www.osvdb.org/3698
http://www.osvdb.org/3699
http://www.osvdb.org/3700
http://www.osvdb.org/3701
http://www.osvdb.org/3702
http://www.osvdb.org/3703
http://www.osvdb.org/3704
http://www.osvdb.org/3705
http://www.osvdb.org/3706
http://www.securityfocus.com/bid/9481
http://www.s-quadra.com/advisories/Adv-20040123.txt
https://exchange.xforce.ibmcloud.com/vulnerabilities/14922