CVE-2005-4243 - Input Validation vulnerability in Quickpaypro 3.1
- Attack vector: NETWORK
- Attack complexity: LOW
- Privileges required: NONE
- Confidentiality impact: PARTIAL
- Integrity impact: PARTIAL
- Availability impact: PARTIAL

Summary
Multiple SQL injection vulnerabilities in QuickPayPro 3.1 allow remote attackers to execute arbitrary SQL commands via the (1) popupid parameter in popups.edit.php; (2) so, (3) sb, and (4) nr parameters in customer.tickets.view.php; (5) subtrackingid parameter in subscribers.tracking.edit.php; (6) delete parameter in design.php; (7) trackingid parameter in tracking.details.php; and (8) customerid parameter in sales.view.php.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 1 |
Exploit-Db
id | title | description | published | modified | last seen | reporter | source |
---|---|---|---|---|---|---|---|
EDB-ID:26827 | QuickPayPro 3.1 popups.edit.php popupid Parameter SQL Injection | QuickPayPro 3.1 popups.edit.php popupid Parameter SQL Injection. CVE-2005-4243. Webapps exploit for php platform | 2005-12-14 | 2005-12-14 | 2016-02-03 | r0t | https://www.exploit-db.com/download/26827/ |
EDB-ID:26828 | QuickPayPro 3.1 customer.tickets.view.php Multiple Parameter SQL Injection | QuickPayPro 3.1 customer.tickets.view.php Multiple Parameter SQL Injection. CVE-2005-4243. Webapps exploit for php platform | 2005-12-14 | 2005-12-14 | 2016-02-03 | r0t | https://www.exploit-db.com/download/26828/ |
EDB-ID:26829 | QuickPayPro 3.1 subscribers.tracking.edit.php subtrackingid Parameter SQL Injection | QuickPayPro 3.1 subscribers.tracking.edit.php subtrackingid Parameter SQL Injection. CVE-2005-4243. Webapps exploit for php platform | 2005-12-14 | 2005-12-14 | 2016-02-03 | r0t | https://www.exploit-db.com/download/26829/ |
EDB-ID:26830 | QuickPayPro 3.1 design.php delete Parameter SQL Injection | QuickPayPro 3.1 design.php delete Parameter SQL Injection. CVE-2005-4243. Webapps exploit for php platform | 2005-12-14 | 2005-12-14 | 2016-02-03 | r0t | https://www.exploit-db.com/download/26830/ |
EDB-ID:26831 | QuickPayPro 3.1 tracking.details.php trackingid Parameter SQL Injection | QuickPayPro 3.1 tracking.details.php trackingid Parameter SQL Injection. CVE-2005-4243. Webapps exploit for php platform | 2005-12-14 | 2005-12-14 | 2016-02-03 | r0t | https://www.exploit-db.com/download/26831/ |
EDB-ID:26832 | QuickPayPro 3.1 sales.view.php customerid Parameter SQL Injection | QuickPayPro 3.1 sales.view.php customerid Parameter SQL Injection. CVE-2005-4243. Webapps exploit for php platform | 2005-12-14 | 2005-12-14 | 2016-02-03 | r0t | https://www.exploit-db.com/download/26832/ |
References
- http://pridels0.blogspot.com/2005/12/quickpaypro-31-multiple-vuln.html
- http://secunia.com/advisories/17981
- http://www.osvdb.org/21676
- http://www.osvdb.org/21677
- http://www.osvdb.org/21678
- http://www.osvdb.org/21679
- http://www.osvdb.org/21680
- http://www.osvdb.org/21681
- http://www.securityfocus.com/bid/15863
- http://www.vupen.com/english/advisories/2005/2875