Lucene search

[email protected]CVE-2005-0994

HistoryMay 02, 2005 - 4:00 a.m.

CVE-2005-0994

2005-05-0204:00:00

[email protected]

web.nvd.nist.gov

cve

sql injection

productcart 2.7

remote attackers

arbitrary commands

nvd

8.5 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.003 Low

EPSS

Percentile

70.4%

JSON

Multiple SQL injection vulnerabilities in ProductCart 2.7 allow remote attackers to execute arbitrary SQL commands via (1) the Category or resultCnt parameters to advSearch_h.asp, and possibly (2) the offset parameter to tarinasworld_butterflyjournal.asp. NOTE: it is possible that item (2) is the result of a typo or editing error from the original research report.

Affected configurations

NVD

Node

early_impactproductcartMatch2.7

CPENameOperatorVersion
early_impact:productcartearly impact productcarteq2.7

CPE	Name	Operator	Version
early_impact:productcart	early impact productcart	eq	2.7

References

digitalparadox.org/advisories/prodcart.txt

secunia.com/advisories/14833

www.osvdb.org/15263

www.osvdb.org/15265

www.securityfocus.com/bid/12990

8.5 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.003 Low

EPSS

Percentile

70.4%

JSON

Related for CVE-2005-0994

nvd1 cvelist1 nessus1