CVE-2010-4147

Multiple SQL injection vulnerabilities in Pentasoft Avactis Shopping Cart 1.9.1 build 8356 free edition and earlier allow remote attackers to execute arbitrary SQL commands via the User-Agent header to (1) index.php and (2) product-list.php.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:avactis:avactis_shopping_cart:*:-:free:*:*:*:*:*
cpe:2.3:a:avactis:avactis_shopping_cart:1.8.0:-:free:*:*:*:*:*
cpe:2.3:a:avactis:avactis_shopping_cart:1.8.1:-:free:*:*:*:*:*
cpe:2.3:a:avactis:avactis_shopping_cart:1.8.2:-:free:*:*:*:*:*
cpe:2.3:a:avactis:avactis_shopping_cart:1.9.0:-:free:*:*:*:*:*

History

21 Nov 2024, 01:20

Type Values Removed Values Added
References () http://holisticinfosec.org/content/view/159/45/ - () http://holisticinfosec.org/content/view/159/45/ -
References () http://secunia.com/advisories/41764 - Vendor Advisory () http://secunia.com/advisories/41764 - Vendor Advisory
References () http://www.avactis.com/forums/index.php?showtopic=5317 - Patch () http://www.avactis.com/forums/index.php?showtopic=5317 - Patch
References () http://www.osvdb.org/68646 - () http://www.osvdb.org/68646 -
References () http://www.osvdb.org/68647 - () http://www.osvdb.org/68647 -
References () http://www.securityfocus.com/bid/44104 - () http://www.securityfocus.com/bid/44104 -
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/62559 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/62559 -

Information

Published : 2010-11-02 02:26

Updated : 2024-11-21 01:20


NVD link : CVE-2010-4147

Mitre link : CVE-2010-4147

CVE.ORG link : CVE-2010-4147


JSON object : View

Products Affected

avactis

  • avactis_shopping_cart
CWE
CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')