CVE-2004-0300

SQL injection vulnerability in Online Store Kit 3.0 allows remote attackers to inject arbitrary SQL and gain unauthorized access via (1) the cat parameter in shop.php, (2) the id parameter in more.php, (3) the cat_manufacturer parameter in shop_by_brand.php, or (4) the id parameter in listing.php.

CVSS v2.0 10.0 HIGH

10.0^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://marc.info/?l=bugtraq&m=107712117913185&w=2
http://secunia.com/advisories/10902/
http://securitytracker.com/alerts/2004/Feb/1009092.html
http://www.osvdb.org/3973
http://www.securityfocus.com/bid/9676	Exploit Vendor Advisory
http://www.securityfocus.com/bid/9687	Vendor Advisory
http://www.systemsecure.org/advisories/ssadvisory16022004.php
http://www.zone-h.org/en/advisories/read/id=3972/
https://exchange.xforce.ibmcloud.com/vulnerabilities/15232
http://marc.info/?l=bugtraq&m=107712117913185&w=2
http://secunia.com/advisories/10902/
http://securitytracker.com/alerts/2004/Feb/1009092.html
http://www.osvdb.org/3973
http://www.securityfocus.com/bid/9676	Exploit Vendor Advisory
http://www.securityfocus.com/bid/9687	Vendor Advisory
http://www.systemsecure.org/advisories/ssadvisory16022004.php
http://www.zone-h.org/en/advisories/read/id=3972/
https://exchange.xforce.ibmcloud.com/vulnerabilities/15232

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:ecommerce_corporation_online:store_kit:3.0_lite:::::::*
	cpe:2.3:a:ecommerce_corporation_online:store_kit:3.0_pro:::::::*
	cpe:2.3:a:ecommerce_corporation_online:store_kit:3.0_standard:::::::*

History

20 Nov 2024, 23:48

Type	Values Removed	Values Added
References	~~() http://marc.info/?l=bugtraq&m=107712117913185&w=2 -~~	() http://marc.info/?l=bugtraq&m=107712117913185&w=2 -
References	~~() http://secunia.com/advisories/10902/ -~~	() http://secunia.com/advisories/10902/ -
References	~~() http://securitytracker.com/alerts/2004/Feb/1009092.html -~~	() http://securitytracker.com/alerts/2004/Feb/1009092.html -
References	~~() http://www.osvdb.org/3973 -~~	() http://www.osvdb.org/3973 -
References	~~() http://www.securityfocus.com/bid/9676 - Exploit, Vendor Advisory~~	() http://www.securityfocus.com/bid/9676 - Exploit, Vendor Advisory
References	~~() http://www.securityfocus.com/bid/9687 - Vendor Advisory~~	() http://www.securityfocus.com/bid/9687 - Vendor Advisory
References	~~() http://www.systemsecure.org/advisories/ssadvisory16022004.php -~~	() http://www.systemsecure.org/advisories/ssadvisory16022004.php -
References	~~() http://www.zone-h.org/en/advisories/read/id=3972/ -~~	() http://www.zone-h.org/en/advisories/read/id=3972/ -
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/15232 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/15232 -

Information

Published : 2004-11-23 05:00

Updated : 2024-11-20 23:48

NVD link : CVE-2004-0300

Mitre link : CVE-2004-0300

CVE.ORG link : CVE-2004-0300

JSON object : View

Products Affected

ecommerce_corporation_online

store_kit

CWE

NVD-CWE-Other

10.0 /10