Vulnerabilities > CVE-2005-4035 - SQL Injection vulnerability in Web4Future eCommerce Enterprise Edition

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
web4future
exploit available
NVD
Published: 2005-12-06
Updated: 2011-03-08

Summary

Multiple SQL injection vulnerabilities in Web4Future eCommerce Enterprise Edition 2.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) prod, and (2) brid parameters to (a) view.php; the (3) the bid parameter to (b) viewbrands.php; and the (4) grp and (5) cat parameters to index.php.

Vulnerable Configurations

Part Description Count
Application
Web4Future
2

Exploit-Db

  • descriptionWeb4Future eCommerce Enterprise Edition 2.1 viewbrands.php bid Parameter SQL Injection. CVE-2005-4035. Webapps exploit for php platform
    idEDB-ID:26719
    last seen2016-02-03
    modified2005-12-05
    published2005-12-05
    reporterr0t3d3Vil
    sourcehttps://www.exploit-db.com/download/26719/
    titleWeb4Future eCommerce Enterprise Edition 2.1 viewbrands.php bid Parameter SQL Injection
  • descriptionWeb4Future eCommerce Enterprise Edition 2.1 view.php Multiple Parameter SQL Injection. CVE-2005-4035 . Webapps exploit for php platform
    idEDB-ID:26717
    last seen2016-02-03
    modified2005-12-05
    published2005-12-05
    reporterr0t3d3Vil
    sourcehttps://www.exploit-db.com/download/26717/
    titleWeb4Future eCommerce Enterprise Edition 2.1 view.php Multiple Parameter SQL Injection
  • descriptionWeb4Future eCommerce Enterprise Edition 2.1 index.php Multiple Parameter SQL Injection. CVE-2005-4035. Webapps exploit for php platform
    idEDB-ID:26718
    last seen2016-02-03
    modified2005-12-05
    published2005-12-05
    reporterr0t3d3Vil
    sourcehttps://www.exploit-db.com/download/26718/
    titleWeb4Future eCommerce Enterprise Edition 2.1 index.php Multiple Parameter SQL Injection

References