Vulnerabilities > CVE-2005-4331 - SQL Injection vulnerability in Ihtml Merchant Ihtml Merchant 2Pro

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
ihtml-merchant
exploit available

Summary

SQL injection vulnerability in merchant.ihtml in iHTML Merchant Version 2 Pro allows remote attackers to execute arbitrary SQL commands via the (1) step, (2) id, and (3) pid parameters.

Vulnerable Configurations

Part Description Count
Application
Ihtml_Merchant
1

Exploit-Db

descriptionIHTML Merchant 2.0 SQL Injection Vulnerability. CVE-2005-4331. Webapps exploit for php platform
idEDB-ID:26856
last seen2016-02-03
modified2005-12-16
published2005-12-16
reporterr0t3d3Vil
sourcehttps://www.exploit-db.com/download/26856/
titleIHTML Merchant 2.0 - SQL Injection Vulnerability