Lucene search

[email protected]CVE-2005-3735

HistoryNov 22, 2005 - 12:03 a.m.

CVE-2005-3735

2005-11-2200:03:00

[email protected]

web.nvd.nist.gov

157

cve-2005-3735

sql injection

e-quick cart

security vulnerability

nvd

9 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.011 Low

EPSS

Percentile

84.2%

JSON

Multiple SQL injection vulnerabilities in e-Quick Cart allow remote attackers to execute arbitrary SQL commands via the (1) productid parameter in shopaddtocart.asp, (2) strpemail parameter in shopprojectlogin.asp, and (3) id parameter in shoptellafriend.asp.

Affected configurations

NVD

Node

coastal_data_managemente-quick_cart

CPENameOperatorVersion
coastal_data_management:e-quick_cartcoastal data management e-quick carteq*

CPE	Name	Operator	Version
coastal_data_management:e-quick_cart	coastal data management e-quick cart	eq	*

References

secunia.com/advisories/17652

securitytracker.com/id?1015244

www.osvdb.org/20997

www.osvdb.org/20998

www.osvdb.org/20999

www.securityfocus.com/bid/15510

www.vupen.com/english/advisories/2005/2506

9 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.011 Low

EPSS

Percentile

84.2%

JSON

Related for CVE-2005-3735

cvelist1 nvd1