Vulnerabilities > CVE-2005-3914 - SQL Injection vulnerability in Affcommerce 1.1.4

CVSS 6.4 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

NONE

network

low complexity

affcommerce

exploit available

NVD

Published: 2005-11-30

Updated: 2011-03-08

Summary

Multiple SQL injection vulnerabilities in AFFcommerce 1.1.4 allow remote attackers to execute arbitrary SQL commands via (1) the cl parameter to SubCategory.php and the item_id parameter in (2) ItemInfo.php and (3) ItemReview.php.

Vulnerable Configurations

Part	Description	Count
Application	Affcommerce Affcommerce Affcommerce 1.1.4	1

Exploit-Db

description	AFFCommerce Shopping Cart 1.1.4 ItemReview.php item_id Parameter SQL Injection. CVE-2005-3914. Webapps exploit for php platform
id	EDB-ID:26564
last seen	2016-02-03
modified	2005-11-23
published	2005-11-23
reporter	r0t3d3Vil
source	https://www.exploit-db.com/download/26564/
title	AFFCommerce Shopping Cart 1.1.4 ItemReview.php item_id Parameter SQL Injection

description	AFFCommerce Shopping Cart 1.1.4 SubCategory.php cl Parameter SQL Injection. CVE-2005-3914 . Webapps exploit for php platform
id	EDB-ID:26562
last seen	2016-02-03
modified	2005-11-23
published	2005-11-23
reporter	r0t3d3Vil
source	https://www.exploit-db.com/download/26562/
title	AFFCommerce Shopping Cart 1.1.4 SubCategory.php cl Parameter SQL Injection

description	AFFCommerce Shopping Cart 1.1.4 ItemInfo.php item_id Parameter SQL Injection. CVE-2005-3914. Webapps exploit for php platform
id	EDB-ID:26563
last seen	2016-02-03
modified	2005-11-23
published	2005-11-23
reporter	r0t3d3Vil
source	https://www.exploit-db.com/download/26563/
title	AFFCommerce Shopping Cart 1.1.4 ItemInfo.php item_id Parameter SQL Injection

Summary

Vulnerable Configurations

Exploit-Db

References