Lucene search

[email protected]CVE-2005-4614

HistoryDec 31, 2005 - 5:00 a.m.

CVE-2005-4614

2005-12-3105:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2005-4614

sql injection

digishop

remote attackers

arbitrary commands

installation path

cart.php

search module parameters

8.9 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.008 Low

EPSS

Percentile

81.3%

JSON

Multiple SQL injection vulnerabilities in digiSHOP 3.1.17 and earlier allow remote attackers to execute arbitrary SQL commands or obtain the full installation path via (1) the c parameter in cart.php and (2) unspecified search module parameters.

CPENameOperatorVersion
sum_effect_software:digishopsum effect software digishople3.1.17

CPE	Name	Operator	Version
sum_effect_software:digishop	sum effect software digishop	le	3.1.17

References

pridels0.blogspot.com/2005/11/digishop-3x-sql-injection-vuln.html

www.osvdb.org/21302

www.osvdb.org/21303

www.vupen.com/english/advisories/2005/2563

exchange.xforce.ibmcloud.com/vulnerabilities/23357

exchange.xforce.ibmcloud.com/vulnerabilities/23358

8.9 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.008 Low

EPSS

Percentile

81.3%

JSON

Related for CVE-2005-4614

prion1 cve1