Vulnerabilities > CVE-2005-0994 - Unspecified vulnerability in Early Impact Productcart 2.7
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Multiple SQL injection vulnerabilities in ProductCart 2.7 allow remote attackers to execute arbitrary SQL commands via (1) the Category or resultCnt parameters to advSearch_h.asp, and possibly (2) the offset parameter to tarinasworld_butterflyjournal.asp. NOTE: it is possible that item (2) is the result of a typo or editing error from the original research report.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Exploit-Db
description ProductCart 1.x/2.x advSearch_h.asp Multiple Parameter SQL Injection. CVE-2005-0994. Webapps exploit for asp platform id EDB-ID:23703 last seen 2016-02-02 modified 2004-02-16 published 2004-02-16 reporter Nick Gudov source https://www.exploit-db.com/download/23703/ title ProductCart 1.x/2.x advSearch_h.asp Multiple Parameter SQL Injection description ProductCart 1.x/2.x Custva.asp redirectUrl Parameter XSS. CVE-2005-0994. Webapps exploit for asp platform id EDB-ID:23704 last seen 2016-02-02 modified 2004-02-16 published 2004-02-16 reporter Nick Gudov source https://www.exploit-db.com/download/23704/ title ProductCart 1.x/2.x Custva.asp redirectUrl Parameter XSS
Nessus
| NASL family | CGI abuses |
| NASL id | PRODUCTCART_MULTIPLE_INPUT_VULNS.NASL |
| description | The remote host is running a version of the ProductCart shopping cart software that suffers from several input validation vulnerabilities: - SQL Injection Vulnerabilities The |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 17971 |
| published | 2005-04-06 |
| reporter | This script is Copyright (C) 2005-2018 Tenable Network Security, Inc. |
| source | https://www.tenable.com/plugins/nessus/17971 |
| title | ProductCart Multiple Input Validation Vulnerabilities |