Lucene search

[email protected]CVE-2004-0348

HistoryNov 23, 2004 - 5:00 a.m.

CVE-2004-0348

2004-11-2305:00:00

[email protected]

web.nvd.nist.gov

sql injection

viewcart.asp

spidersales

shopping cart software

remote execution

vulnerability

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

8.2 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

60.2%

JSON

SQL injection vulnerability in viewCart.asp in SpiderSales shopping cart software allows remote attackers to execute arbitrary SQL via the userId parameter.

Affected configurations

NVD

Node

spidersalesspidersalesMatch2.0

CPENameOperatorVersion
spidersales:spidersalesspidersaleseq2.0

CPE	Name	Operator	Version
spidersales:spidersales	spidersales	eq	2.0

References

marc.info/?l=bugtraq&m=107833097705486&w=2

www.s-quadra.com/advisories/Adv-20040303.txt

www.securityfocus.com/bid/9799

exchange.xforce.ibmcloud.com/vulnerabilities/15371

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

8.2 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

60.2%

JSON

Related for CVE-2004-0348

cvelist1 nessus1 nvd1