Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
exploitdbJohn CobbEDB-ID:25356
HistoryApr 06, 2005 - 12:00 a.m.

CubeCart 2.0.x - 'tellafriend.php?product' Full Path Disclosure

2005-04-0600:00:00
John Cobb
www.exploit-db.com
20

AI Score

7.4

Confidence

Low

JSON
source: https://www.securityfocus.com/bid/13050/info
 
CubeCart is reported prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries.
 
These issues affect the 'index.php', 'tellafriend.php', 'view_cart.php', and 'view_product.php' script.
 
These vulnerabilities could permit remote attackers to pass malicious input to database queries, resulting in modification of query logic or other attacks.
 
Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation. This is not confirmed. 

http://www.example.com/tellafriend.php?&product='

Related

exploitdb 3
cvelist 1
nvd 1
nessus 1
cve 1
exploitdb
exploitdb
CubeCart 2.0.x - 'index.php' Multiple Full Path Disclosures
2005-04-06 00:00:00
CubeCart 2.0.x - 'view_cart.php?add' Full Path Disclosure
2005-04-06 00:00:00
CubeCart 2.0.x - 'view_product.php?product' Full Path Disclosure
2005-04-06 00:00:00
cvelist
cvelist
CVE-2005-1033
2005-04-09 04:00:00
nvd
nvd
CVE-2005-1033
2005-05-02 04:00:00
nessus
nessus
CubeCart <= 2.0.6 Multiple SQL Injections
2005-04-08 00:00:00
cve
cve
CVE-2005-1033
2005-05-02 04:00:00

AI Score

7.4

Confidence

Low

JSON
Related for EDB-ID:25356
exploitdb3cvelist1nvd1nessus1cve1