Lucene search

K
cve[email protected]CVE-2005-1588
HistoryMay 14, 2005 - 4:00 a.m.

CVE-2005-1588

2005-05-1404:00:00
web.nvd.nist.gov
23
sql injection
quick.cart
vulnerability
remote attackers
arbitrary commands
icategory parameter

8.8 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

56.2%

SQL injection vulnerability in index.php for Quick.cart 0.3.0 allows remote attackers to execute arbitrary SQL commands via the iCategory parameter. NOTE: the vendor has privately disputed this issue, saying that Quick.cart does not even use SQL and therefore can not be vulnerable to SQL injection

Affected configurations

NVD
Node
open_solutionquick.cartMatch0.3

8.8 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

56.2%

Related for CVE-2005-1588