Vulnerabilities > CVE-2005-3208 - SQL Injection vulnerability in Aenovo Aenovo, Aenovoshop and Aenovowysi

047910
CVSS 6.8 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
aenovo
exploit available
NVD
Published: 2005-10-14
Updated: 2017-07-11

Summary

Multiple SQL injection vulnerabilities in (1) aeNovo, (2) aeNovoShop and (3) aeNovoWYSI allow remote attackers to execute arbitrary SQL code via (a) the password parameter in control.asp, and (b) the strSQL parameter in search.asp, which can enable XSS attacks in resulting error messages.

Vulnerable Configurations

Part Description Count
Application
Aenovo
3

Exploit-Db

  • descriptionaeNovo /incs/searchdisplay.asp strSQL Parameter SQL Injection. CVE-2005-3208 . Webapps exploit for asp platform
    idEDB-ID:26334
    last seen2016-02-03
    modified2005-10-07
    published2005-10-07
    reporterfarhad koosha
    sourcehttps://www.exploit-db.com/download/26334/
    titleaeNovo /incs/searchdisplay.asp strSQL Parameter SQL Injection
  • descriptionAenovo /password/default.asp password Field SQL Injection. CVE-2005-3208. Webapps exploit for asp platform
    idEDB-ID:26333
    last seen2016-02-03
    modified2005-10-07
    published2005-10-07
    reporterfarhad koosha
    sourcehttps://www.exploit-db.com/download/26333/
    titleAenovo /password/default.asp password Field SQL Injection

References