Lucene search

[email protected]CVE-2005-1588

HistoryMay 14, 2005 - 4:00 a.m.

CVE-2005-1588

2005-05-1404:00:00

[email protected]

web.nvd.nist.gov

sql injection

quick.cart

vulnerability

remote attackers

arbitrary commands

icategory parameter

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.8 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

56.3%

JSON

SQL injection vulnerability in index.php for Quick.cart 0.3.0 allows remote attackers to execute arbitrary SQL commands via the iCategory parameter. NOTE: the vendor has privately disputed this issue, saying that Quick.cart does not even use SQL and therefore can not be vulnerable to SQL injection

Affected configurations

NVD

Node

open_solutionquick.cartMatch0.3

CPENameOperatorVersion
open_solution:quick.cartopen solution quick.carteq0.3

CPE	Name	Operator	Version
open_solution:quick.cart	open solution quick.cart	eq	0.3

References

lostmon.blogspot.com/2005/05/quickcart-sword-variable-xss-and.html

www.osvdb.org/16331

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.8 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

56.3%

JSON

Related for CVE-2005-1588

cvelist1 nvd1