7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
8.9 High
AI Score
Confidence
Low
0.005 Low
EPSS
Percentile
75.6%
Multiple SQL injection vulnerabilities in OneWorldStore allow remote attackers to execute arbitrary SQL commands via the idProduct parameter to (1) owAddItem.asp or (2) owProductDetail.asp, (3) idCategory parameter to owListProduct.asp, or (4) bSpecials parameter to owListProduct.asp.
CPE | Name | Operator | Version |
---|---|---|---|
oneworldstore:oneworldstore | oneworldstore | eq | * |
marc.info/?l=bugtraq&m=111352017704126&w=2
secunia.com/advisories/14969
securitytracker.com/id?1013720
www.oneworldstore.com/support_security_issue_updates.asp#April_15_2005_DCrab
www.osvdb.org/15518
www.osvdb.org/15519
www.osvdb.org/15520
www.securityfocus.com/bid/13181
www.securityfocus.com/bid/13182
www.securityfocus.com/bid/13183
exchange.xforce.ibmcloud.com/vulnerabilities/20097