CVE-2005-4677

2006-02-0102:00:00

mitre

www.cve.org

AI Score

8.4

Confidence

Low

EPSS

0.011

Percentile

84.6%

JSON

SQL injection vulnerability in additional_images.php (aka the Additional Images module) before 1.14 in osCommerce allows remote attackers to execute arbitrary SQL commands via the products_id parameter to product_info.php.

References

archives.neohapsis.com/archives/fulldisclosure/2005-10/0124.html

secunia.com/advisories/17082

www.oscommerce.com/community/contributions%2C1032

www.osvdb.org/19874

www.securityfocus.com/bid/15023

www.vupen.com/english/advisories/2005/1974

exchange.xforce.ibmcloud.com/vulnerabilities/22528