Lucene search

[email protected]CVE-2006-2164

HistoryMay 04, 2006 - 12:38 p.m.

CVE-2006-2164

2006-05-0412:38:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

information security

sql injection

vulnerabilities

avactis shopping cart

remote execution

9.4 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.008 Low

EPSS

Percentile

81.3%

JSON

Multiple SQL injection vulnerabilities in Avactis Shopping Cart 0.1.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) category_id parameter in (a) store_special_offers.php and (b) store.php, and (2) prod_id parameter in © cart.php and (d) product_info.php. NOTE: this issue also produces resultant full path disclosure from invalid SQL queries.

CPENameOperatorVersion
pentasoft_corp.:avactis_shopping_cartpentasoft corp. avactis shopping cartle0.1.2

CPE	Name	Operator	Version
pentasoft_corp.:avactis_shopping_cart	pentasoft corp. avactis shopping cart	le	0.1.2

References

pridels0.blogspot.com/2006/05/avactis-shopping-cart-vuln.html

www.osvdb.org/25637

www.osvdb.org/25638

www.osvdb.org/25639

www.osvdb.org/25640

exchange.xforce.ibmcloud.com/vulnerabilities/26178

9.4 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.008 Low

EPSS

Percentile

81.3%

JSON

Related for CVE-2006-2164

prion1