CVE-2005-1967 - SQL-Injection vulnerability in Productcart Ecommerce
Attack vector | NETWORK |
Attack complexity | LOW |
Privileges required | NONE |
Confidentiality impact | PARTIAL |
Integrity impact | PARTIAL |
Availability impact | PARTIAL |
Summary
Multiple SQL injection vulnerabilities in ProductCart Ecommerce before 2.7 allow remote attackers to execute arbitrary SQL commands via the (1) idcategory parameter to viewPrd.asp, (2) lid parameter to editCategories.asp, (3) icd parameter to modCustomCardPaymentOpt.asp, or (4) idccr parameter to OptionFieldsEdit.asp.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 1 |
Exploit-Db
description | Early Impact ProductCart 2.6/2.7 editCategories.asp lid Parameter SQL Injection. CVE-2005-1967. Webapps exploit for asp platform |
id | EDB-ID:25796 |
last seen | 2016-02-03 |
modified | 2005-06-06 |
published | 2005-06-06 |
reporter | Dedi Dwianto |
source | https://www.exploit-db.com/download/25796/ |
title | Early Impact ProductCart 2.6/2.7 editCategories.asp lid Parameter SQL Injection |

description | Early Impact ProductCart 2.6/2.7 OptionFieldsEdit.asp idccr Parameter SQL Injection. CVE-2005-1967. Webapps exploit for asp platform |
id | EDB-ID:25798 |
last seen | 2016-02-03 |
modified | 2005-06-06 |
published | 2005-06-06 |
reporter | Dedi Dwianto |
source | https://www.exploit-db.com/download/25798/ |
title | Early Impact ProductCart 2.6/2.7 OptionFieldsEdit.asp idccr Parameter SQL Injection |

description | Early Impact ProductCart 2.6/2.7 modCustomCardPaymentOpt.asp idc Parameter SQL Injection. CVE-2005-1967. Webapps exploit for asp platform |
id | EDB-ID:25797 |
last seen | 2016-02-03 |
modified | 2005-06-06 |
published | 2005-06-06 |
reporter | Dedi Dwianto |
source | https://www.exploit-db.com/download/25797/ |
title | Early Impact ProductCart 2.6/2.7 modCustomCardPaymentOpt.asp idc Parameter SQL Injection |

description | Early Impact ProductCart 2.6/2.7 viewPrd.asp idcategory Parameter SQL Injection. CVE-2005-1967. Webapps exploit for asp platform |
id | EDB-ID:25795 |
last seen | 2016-02-03 |
modified | 2005-06-06 |
published | 2005-06-06 |
reporter | Dedi Dwianto |
source | https://www.exploit-db.com/download/25795/ |
title | Early Impact ProductCart 2.6/2.7 viewPrd.asp idcategory Parameter SQL Injection |
Nessus
NASL family | CGI abuses |
NASL id | PRODUCTCART_SQL_INJECTION2.NASL |
description | The remote host is running a version of the ProductCart shopping cart software that fails to properly sanitize user-supplied input before using it in SQL queries. An attacker may be able to exploit these flaws to alter database queries, disclose sensitive information, or conduct other such attacks. Possible attack vectors include the |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 18436 |
published | 2005-06-08 |
reporter | This script is Copyright (C) 2005-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/18436 |
title | ProductCart Multiple Scripts SQL Injection |