Vulnerabilities > CVE-2005-1161 - Unspecified vulnerability in Oneworldstore
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN oneworldstore
exploit available
Summary
Multiple SQL injection vulnerabilities in OneWorldStore allow remote attackers to execute arbitrary SQL commands via the idProduct parameter to (1) owAddItem.asp or (2) owProductDetail.asp, (3) idCategory parameter to owListProduct.asp, or (4) bSpecials parameter to owListProduct.asp.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Exploit-Db
description OneWorldStore OWAddItem.ASP SQL Injection Vulnerability. CVE-2005-1161. Webapps exploit for asp platform id EDB-ID:25424 last seen 2016-02-03 modified 2005-04-14 published 2005-04-14 reporter Dcrab source https://www.exploit-db.com/download/25424/ title OneWorldStore OWAddItem.ASP SQL Injection Vulnerability description OneWorldStore OWListProduct.ASP Multiple SQL Injection Vulnerabilities. CVE-2005-1161. Webapps exploit for asp platform id EDB-ID:25425 last seen 2016-02-03 modified 2005-04-14 published 2005-04-14 reporter Dcrab source https://www.exploit-db.com/download/25425/ title OneWorldStore OWListProduct.ASP Multiple SQL Injection Vulnerabilities
References
- http://www.securityfocus.com/bid/13181
- http://www.securityfocus.com/bid/13182
- http://www.securityfocus.com/bid/13183
- http://www.osvdb.org/15518
- http://www.osvdb.org/15519
- http://www.osvdb.org/15520
- http://securitytracker.com/id?1013720
- http://secunia.com/advisories/14969
- http://www.oneworldstore.com/support_security_issue_updates.asp#April_15_2005_DCrab
- http://marc.info/?l=bugtraq&m=111352017704126&w=2
- https://exchange.xforce.ibmcloud.com/vulnerabilities/20097