CVE-2004-0300

{"id": "CVE-2004-0300", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": true, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2004-11-23T05:00:00.000", "references": [{"url": "http://marc.info/?l=bugtraq&m=107712117913185&w=2", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/10902/", "source": "cve@mitre.org"}, {"url": "http://securitytracker.com/alerts/2004/Feb/1009092.html", "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/3973", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/9676", "tags": ["Exploit", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/9687", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.systemsecure.org/advisories/ssadvisory16022004.php", "source": "cve@mitre.org"}, {"url": "http://www.zone-h.org/en/advisories/read/id=3972/", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15232", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "SQL injection vulnerability in Online Store Kit 3.0 allows remote attackers to inject arbitrary SQL and gain unauthorized access via (1) the cat parameter in shop.php, (2) the id parameter in more.php, (3) the cat_manufacturer parameter in shop_by_brand.php, or (4) the id parameter in listing.php."}, {"lang": "es", "value": "Vulnerabilidad de inyecci\u00f3n de SQL en Online Store Kit 3.0 permite a atacantes remotos inyectar SQL arbitrario y ganar acceso no autorizado mediante (1) el par\u00e1metro cat en shop.php, (2) el par\u00e1metro id en more.php, y (3) el par\u00e1metro cat_manufacturer en shop_by_brand.php, o (4) el par\u00e1metro id en listing.php."}], "lastModified": "2017-07-11T01:30:03.103", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ecommerce_corporation_online:store_kit:3.0_lite:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3A4E7003-79F8-41F7-83C7-213842CD8F7D"}, {"criteria": "cpe:2.3:a:ecommerce_corporation_online:store_kit:3.0_pro:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ECE2A17C-E33D-4527-AA90-0B1C39F63DE9"}, {"criteria": "cpe:2.3:a:ecommerce_corporation_online:store_kit:3.0_standard:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "50876CBB-538F-4AC0-AA89-7E5119F1A6E4"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}