Vulnerabilities > CVE-2005-3914 - SQL Injection vulnerability in Affcommerce 1.1.4
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
NONE Summary
Multiple SQL injection vulnerabilities in AFFcommerce 1.1.4 allow remote attackers to execute arbitrary SQL commands via (1) the cl parameter to SubCategory.php and the item_id parameter in (2) ItemInfo.php and (3) ItemReview.php.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Exploit-Db
description AFFCommerce Shopping Cart 1.1.4 ItemReview.php item_id Parameter SQL Injection. CVE-2005-3914. Webapps exploit for php platform id EDB-ID:26564 last seen 2016-02-03 modified 2005-11-23 published 2005-11-23 reporter r0t3d3Vil source https://www.exploit-db.com/download/26564/ title AFFCommerce Shopping Cart 1.1.4 ItemReview.php item_id Parameter SQL Injection description AFFCommerce Shopping Cart 1.1.4 SubCategory.php cl Parameter SQL Injection. CVE-2005-3914 . Webapps exploit for php platform id EDB-ID:26562 last seen 2016-02-03 modified 2005-11-23 published 2005-11-23 reporter r0t3d3Vil source https://www.exploit-db.com/download/26562/ title AFFCommerce Shopping Cart 1.1.4 SubCategory.php cl Parameter SQL Injection description AFFCommerce Shopping Cart 1.1.4 ItemInfo.php item_id Parameter SQL Injection. CVE-2005-3914. Webapps exploit for php platform id EDB-ID:26563 last seen 2016-02-03 modified 2005-11-23 published 2005-11-23 reporter r0t3d3Vil source https://www.exploit-db.com/download/26563/ title AFFCommerce Shopping Cart 1.1.4 ItemInfo.php item_id Parameter SQL Injection