Vulnerabilities > CVE-2005-0994 - Unspecified vulnerability in Early Impact Productcart 2.7

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
early-impact
nessus
exploit available

Summary

Multiple SQL injection vulnerabilities in ProductCart 2.7 allow remote attackers to execute arbitrary SQL commands via (1) the Category or resultCnt parameters to advSearch_h.asp, and possibly (2) the offset parameter to tarinasworld_butterflyjournal.asp. NOTE: it is possible that item (2) is the result of a typo or editing error from the original research report.

Vulnerable Configurations

Part Description Count
Application
Early_Impact
1

Exploit-Db

  • descriptionProductCart 1.x/2.x advSearch_h.asp Multiple Parameter SQL Injection. CVE-2005-0994. Webapps exploit for asp platform
    idEDB-ID:23703
    last seen2016-02-02
    modified2004-02-16
    published2004-02-16
    reporterNick Gudov
    sourcehttps://www.exploit-db.com/download/23703/
    titleProductCart 1.x/2.x advSearch_h.asp Multiple Parameter SQL Injection
  • descriptionProductCart 1.x/2.x Custva.asp redirectUrl Parameter XSS. CVE-2005-0994. Webapps exploit for asp platform
    idEDB-ID:23704
    last seen2016-02-02
    modified2004-02-16
    published2004-02-16
    reporterNick Gudov
    sourcehttps://www.exploit-db.com/download/23704/
    titleProductCart 1.x/2.x Custva.asp redirectUrl Parameter XSS

Nessus

NASL familyCGI abuses
NASL idPRODUCTCART_MULTIPLE_INPUT_VULNS.NASL
descriptionThe remote host is running a version of the ProductCart shopping cart software that suffers from several input validation vulnerabilities: - SQL Injection Vulnerabilities The
last seen2020-06-01
modified2020-06-02
plugin id17971
published2005-04-06
reporterThis script is Copyright (C) 2005-2018 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/17971
titleProductCart Multiple Input Validation Vulnerabilities