Multiple SQL injection vulnerabilities in Valdersoft Shopping Cart 3.0 allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to category.php, (2) the id parameter to item.php, (3) the lang parameter to index.php, (4) the searchQuery parameter to search_result.php, (5) or the searchTopCategoryID parameter to search_result.php.
References
Link | Resource |
---|---|
http://securitytracker.com/id?1013565 | Exploit Patch |
http://www.securityfocus.com/archive/1/394406/2005-03-26/2005-04-01/2 | Exploit Vendor Advisory |
http://securitytracker.com/id?1013565 | Exploit Patch |
http://www.securityfocus.com/archive/1/394406/2005-03-26/2005-04-01/2 | Exploit Vendor Advisory |
Configurations
History
20 Nov 2024, 23:56
Type | Values Removed | Values Added |
---|---|---|
References | () http://securitytracker.com/id?1013565 - Exploit, Patch | |
References | () http://www.securityfocus.com/archive/1/394406/2005-03-26/2005-04-01/2 - Exploit, Vendor Advisory |
Information
Published : 2005-05-02 04:00
Updated : 2024-11-20 23:56
NVD link : CVE-2005-0907
Mitre link : CVE-2005-0907
CVE.ORG link : CVE-2005-0907
JSON object : View
Products Affected
valdersoft
- shopping_cart
CWE