CVE-2005-1822 - SQL Injection and Cross-Site Scripting vulnerability in Qualiteam X-Cart 4.0.8
Attack vector | NETWORK |
Attack complexity | LOW |
Privileges required | NONE |
Confidentiality impact | PARTIAL |
Integrity impact | PARTIAL |
Availability impact | PARTIAL |
Summary
Multiple SQL injection vulnerabilities in Qualiteam X-Cart 4.0.8 allow remote attackers to execute arbitrary SQL commands via the (1) cat or (2) printable parameter to home.php, (3) productid or (4) mode parameter to product.php, (5) id parameter to error_message.php, (6) section parameter to help.php, (7) mode parameter to orders.php, (8) mode parameter to register.php, (9) mode parameter to search.php, or the (10) gcid or (11) gcindex parameter to giftcert.php.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 1 |
Exploit-Db
description | Qualiteam X-Cart 4.0.8 home.php Multiple Parameter SQL Injection. CVE-2005-1822. Webapps exploit for php platform |
id | EDB-ID:25767 |
last seen | 2016-02-03 |
modified | 2005-05-30 |
published | 2005-05-30 |
reporter | CENSORED |
source | https://www.exploit-db.com/download/25767/ |
title | Qualiteam X-Cart 4.0.8 home.php Multiple Parameter SQL Injection |

description | Qualiteam X-Cart 4.0.8 error_message.php id Parameter SQL Injection. CVE-2005-1822. Webapps exploit for php platform |
id | EDB-ID:25769 |
last seen | 2016-02-03 |
modified | 2005-05-30 |
published | 2005-05-30 |
reporter | CENSORED |
source | https://www.exploit-db.com/download/25769/ |
title | Qualiteam X-Cart 4.0.8 error_message.php id Parameter SQL Injection |

description | Qualiteam X-Cart 4.0.8 giftcert.php Multiple Parameter SQL Injection. CVE-2005-1822. Webapps exploit for php platform |
id | EDB-ID:25774 |
last seen | 2016-02-03 |
modified | 2005-05-30 |
published | 2005-05-30 |
reporter | CENSORED |
source | https://www.exploit-db.com/download/25774/ |
title | Qualiteam X-Cart 4.0.8 giftcert.php Multiple Parameter SQL Injection |

description | Qualiteam X-Cart 4.0.8 product.php Multiple Parameter SQL Injection. CVE-2005-1822. Webapps exploit for php platform |
id | EDB-ID:25768 |
last seen | 2016-02-03 |
modified | 2005-05-30 |
published | 2005-05-30 |
reporter | CENSORED |
source | https://www.exploit-db.com/download/25768/ |
title | Qualiteam X-Cart 4.0.8 product.php Multiple Parameter SQL Injection |

description | Qualiteam X-Cart 4.0.8 orders.php mode Parameter SQL Injection. CVE-2005-1822. Webapps exploit for php platform |
id | EDB-ID:25771 |
last seen | 2016-02-03 |
modified | 2005-05-30 |
published | 2005-05-30 |
reporter | CENSORED |
source | https://www.exploit-db.com/download/25771/ |
title | Qualiteam X-Cart 4.0.8 orders.php mode Parameter SQL Injection |

description | Qualiteam X-Cart 4.0.8 help.php section Parameter SQL Injection. CVE-2005-1822. Webapps exploit for php platform |
id | EDB-ID:25770 |
last seen | 2016-02-03 |
modified | 2005-05-30 |
published | 2005-05-30 |
reporter | CENSORED |
source | https://www.exploit-db.com/download/25770/ |
title | Qualiteam X-Cart 4.0.8 help.php section Parameter SQL Injection |
Nessus
NASL family | CGI abuses |
NASL id | QUALITEAM_XCART_SQL_XSS.NASL |
description | The remote host is running X-Cart, a PHP-based shopping cart system. The version installed on the remote host suffers from numerous SQL injection and cross-site scripting vulnerabilities. Attackers can exploit the former to influence database queries, resulting possibly in a compromise of the affected application, disclosure of sensitive data, or even attacks against the underlying database. And exploitation of the cross-site scripting flaws can be used to steal cookie-based authentication credentials and perform similar attacks. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 18419 |
published | 2005-06-06 |
reporter | This script is Copyright (C) 2005-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/18419 |
title | Qualiteam X-Cart Multiple Vulnerabilities |