Vulnerabilities > CVE-2005-2062 - SQL Injection vulnerability in Active web Softwares Activebuyandsell 6.2
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Multiple SQL injection vulnerabilities in ActiveBuyAndSell 6.2 allow remote attackers to execute arbitrary SQL commands via the catid parameter to (1) default.asp or (2) buyersend.asp, (3) Administrator ID field in admin.asp, E-mail field in (4) advertiserstart.asp or (5) buyer.asp, or Keyword field in search.asp.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Exploit-Db
description ActiveBuyandSell v6.2 (buyersend.asp catid) Blind SQL Injection Vulnerability. CVE-2005-2062. Webapps exploit for asp platform id EDB-ID:10526 last seen 2016-02-01 modified 2009-12-17 published 2009-12-17 reporter R3d-D3V!L source https://www.exploit-db.com/download/10526/ title ActiveBuyandSell 6.2 - buyersend.asp catid Blind SQL Injection Vulnerability description ActiveBuyandSell 6.2 (buyersend.asp catid) SQL Injection Vulnerability. CVE-2005-2062. Webapps exploit for asp platform file exploits/asp/webapps/3550.txt id EDB-ID:3550 last seen 2016-01-31 modified 2007-03-23 platform asp port published 2007-03-23 reporter CyberGhost source https://www.exploit-db.com/download/3550/ title ActiveBuyandSell 6.2 buyersend.asp catid SQL Injection Vulnerability type webapps