CVE-2003-0522

Multiple SQL injection vulnerabilities in ProductCart 1.5 through 2 allow remote attackers to (1) gain access to the admin control panel via the idadmin parameter to login.asp or (2) gain other privileges via the Email parameter to Custva.asp.

CVSS v2.0 10.0 HIGH

10.0^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://marc.info/?l=bugtraq&m=105733145930031&w=2
http://marc.info/?l=bugtraq&m=105760660928715&w=2

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:early_impact:productcart:1.5:::::::*
	cpe:2.3:a:early_impact:productcart:1.6b:::::::*
	cpe:2.3:a:early_impact:productcart:1.6b001:::::::*
	cpe:2.3:a:early_impact:productcart:1.6b002:::::::*
	cpe:2.3:a:early_impact:productcart:1.6b003:::::::*
	cpe:2.3:a:early_impact:productcart:1.6br:::::::*
	cpe:2.3:a:early_impact:productcart:1.6br001:::::::*
	cpe:2.3:a:early_impact:productcart:1.6br003:::::::*
	cpe:2.3:a:early_impact:productcart:1.5002:::::::*
	cpe:2.3:a:early_impact:productcart:1.5003:::::::*
	cpe:2.3:a:early_impact:productcart:1.5003r:::::::*
	cpe:2.3:a:early_impact:productcart:1.5004:::::::*
	cpe:2.3:a:early_impact:productcart:1.6002:::::::*
	cpe:2.3:a:early_impact:productcart:1.6003:::::::*
	cpe:2.3:a:early_impact:productcart:2:::::::*
	cpe:2.3:a:early_impact:productcart:2br000:::::::*

History

No history.

Information

Published : 2003-08-18 04:00

Updated : 2024-02-04 16:31

NVD link : CVE-2003-0522

Mitre link : CVE-2003-0522

CVE.ORG link : CVE-2003-0522

JSON object : View

Products Affected

early_impact

productcart

CWE

NVD-CWE-Other

{"id": "CVE-2003-0522", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": true, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2003-08-18T04:00:00.000", "references": [{"url": "http://marc.info/?l=bugtraq&m=105733145930031&w=2", "source": "cve@mitre.org"}, {"url": "http://marc.info/?l=bugtraq&m=105760660928715&w=2", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Multiple SQL injection vulnerabilities in ProductCart 1.5 through 2 allow remote attackers to (1) gain access to the admin control panel via the idadmin parameter to login.asp or (2) gain other privileges via the Email parameter to Custva.asp."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de inyecci\u00f3n de SQL en ProductCart 1.5 a 2 permite a atacantes remotos \r\nganar acceso al panel de control de admin mediante el par\u00e1metro idadmin de login.asp, o \r\nganar otros privilegios mediante el par\u00e1metro email de custva.asp."}], "lastModified": "2016-10-18T02:34:56.920", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:early_impact:productcart:1.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "187A49C7-29D2-4288-BC2C-1C341970DA3A"}, {"criteria": "cpe:2.3:a:early_impact:productcart:1.6b:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "95937001-3EE3-433D-B713-582E996F0519"}, {"criteria": "cpe:2.3:a:early_impact:productcart:1.6b001:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "36E8BEC1-2B71-4276-A4D9-6E9E4AB386BD"}, {"criteria": "cpe:2.3:a:early_impact:productcart:1.6b002:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3F73F4B7-552A-4B39-AE4E-9719E54EC127"}, {"criteria": "cpe:2.3:a:early_impact:productcart:1.6b003:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "621827C0-88A6-4401-9089-11C69A6415D3"}, {"criteria": "cpe:2.3:a:early_impact:productcart:1.6br:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8E656346-5C64-4728-99AA-788E907EC102"}, {"criteria": "cpe:2.3:a:early_impact:productcart:1.6br001:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A41B3128-5AAB-4569-9671-C414B00750D4"}, {"criteria": "cpe:2.3:a:early_impact:productcart:1.6br003:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "02478E47-A2DC-46D3-9688-1C169E53D061"}, {"criteria": "cpe:2.3:a:early_impact:productcart:1.5002:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4BA9179C-B8E8-4AD8-96A3-C5A266CF3A6F"}, {"criteria": "cpe:2.3:a:early_impact:productcart:1.5003:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2633071B-D162-4F9B-962F-849AC7787A8D"}, {"criteria": "cpe:2.3:a:early_impact:productcart:1.5003r:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8963787A-0A12-4817-9131-75D25A2701E3"}, {"criteria": "cpe:2.3:a:early_impact:productcart:1.5004:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3CA232AA-BDD2-4B9A-8AB8-E4B1C507C807"}, {"criteria": "cpe:2.3:a:early_impact:productcart:1.6002:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A8468FBB-4275-4051-9499-896EA3B2E53B"}, {"criteria": "cpe:2.3:a:early_impact:productcart:1.6003:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D013E775-C9FE-46E1-8DF3-414306EE7826"}, {"criteria": "cpe:2.3:a:early_impact:productcart:2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "38955E18-4972-48B6-BE42-9D26D0DE4DF7"}, {"criteria": "cpe:2.3:a:early_impact:productcart:2br000:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9FEBD6A4-F3DD-44FB-B289-A26394177B04"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}