Vulnerabilities > CVE-2005-0907 - SQL-Injection vulnerability in Valdersoft Shopping Cart 3.0

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

valdersoft

NVD

Published: 2005-05-02

Updated: 2008-09-05

Summary

Multiple SQL injection vulnerabilities in Valdersoft Shopping Cart 3.0 allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to category.php, (2) the id parameter to item.php, (3) the lang parameter to index.php, (4) the searchQuery parameter to search_result.php, (5) or the searchTopCategoryID parameter to search_result.php.

Vulnerable Configurations

Part	Description	Count
Application	Valdersoft Valdersoft Shopping Cart 3.0	1

References

http://securitytracker.com/id?1013565
http://www.securityfocus.com/archive/1/394406/2005-03-26/2005-04-01/2