source: http://www.securityfocus.com/bid/15545/info

AFFCommerce Shopping Cart is prone to multiple SQL injection vulnerabilities.

These vulnerabilities could permit remote attackers to pass malicious input to database queries, resulting in modification of query logic or other attacks.

AFFCommerce Shopping Cart 1.1.4 is reportedly affected. It is possible that other versions are vulnerable as well.

http://www.example.com/standalone/SubCategory.php?cl=[sql]
{"bulletinFamily": "exploit", "id": "EDB-ID:26562", "cvelist": ["CVE-2005-3914"], "modified": "2005-11-23T00:00:00", "lastseen": "2016-02-03T03:51:47", "edition": 1, "sourceData": "source: http://www.securityfocus.com/bid/15545/info\r\n\r\nAFFCommerce Shopping Cart is prone to multiple SQL injection vulnerabilities.\r\n\r\nThese vulnerabilities could permit remote attackers to pass malicious input to database queries, resulting in modification of query logic or other attacks.\r\n\r\nAFFCommerce Shopping Cart 1.1.4 is reportedly affected. It is possible that other versions are vulnerable as well. \r\n\r\nhttp://www.example.com/standalone/SubCategory.php?cl=[sql]", "published": "2005-11-23T00:00:00", "href": "https://www.exploit-db.com/exploits/26562/", "osvdbidlist": ["21070"], "reporter": "r0t3d3Vil", "hash": "2ea2a5ad665a9dbb2ce1c60d0cb145d194af71eb052e14a2dd598a39157f399e", "title": "AFFCommerce Shopping Cart 1.1.4 SubCategory.php cl Parameter SQL Injection", "history": [], "type": "exploitdb", "objectVersion": "1.0", "description": "AFFCommerce Shopping Cart 1.1.4 SubCategory.php cl Parameter SQL Injection. CVE-2005-3914 . Webapps exploit for php platform", "references": [], "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}, "sourceHref": "https://www.exploit-db.com/download/26562/", "enchantments": {"vulnersScore": 8.3}}
{"result": {"cve": [{"id": "CVE-2005-3914", "type": "cve", "title": "CVE-2005-3914", "description": "Multiple SQL injection vulnerabilities in AFFcommerce 1.1.4 allow remote attackers to execute arbitrary SQL commands via (1) the cl parameter to SubCategory.php and the item_id parameter in (2) ItemInfo.php and (3) ItemReview.php.", "published": "2005-11-30T06:03:00", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-3914", "cvelist": ["CVE-2005-3914"], "lastseen": "2016-09-03T06:03:37"}], "exploitdb": [{"id": "EDB-ID:26564", "type": "exploitdb", "title": "AFFCommerce Shopping Cart 1.1.4 ItemReview.php item_id Parameter SQL Injection", "description": "AFFCommerce Shopping Cart 1.1.4 ItemReview.php item_id Parameter SQL Injection. CVE-2005-3914. Webapps exploit for php platform", "published": "2005-11-23T00:00:00", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}, "href": "https://www.exploit-db.com/exploits/26564/", "cvelist": ["CVE-2005-3914"], "lastseen": "2016-02-03T03:52:01"}, {"id": "EDB-ID:26563", "type": "exploitdb", "title": "AFFCommerce Shopping Cart 1.1.4 ItemInfo.php item_id Parameter SQL Injection", "description": "AFFCommerce Shopping Cart 1.1.4 ItemInfo.php item_id Parameter SQL Injection. CVE-2005-3914. Webapps exploit for php platform", "published": "2005-11-23T00:00:00", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}, "href": "https://www.exploit-db.com/exploits/26563/", "cvelist": ["CVE-2005-3914"], "lastseen": "2016-02-03T03:51:54"}], "osvdb": [{"id": "OSVDB:21070", "type": "osvdb", "title": "AFFCommerce SubCategory.php cl Variable SQL Injection", "description": "## Vulnerability Description\nAFFCommerce contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'SubCategory.php' script not properly sanitizing user-supplied input to the 'cl' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\nAFFCommerce contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'SubCategory.php' script not properly sanitizing user-supplied input to the 'cl' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.\n## Manual Testing Notes\nhttp://[victim]/standalone/SubCategory.php?cl=[sql]\n## References:\nVendor URL: http://www.affcommerce.com/\n[Secunia Advisory ID:17690](https://secuniaresearch.flexerasoftware.com/advisories/17690/)\n[Related OSVDB ID: 21071](https://vulners.com/osvdb/OSVDB:21071)\n[Related OSVDB ID: 21072](https://vulners.com/osvdb/OSVDB:21072)\nOther Advisory URL: http://pridels.blogspot.com/2005/11/affcommerce-multiple-sql-inj.html\nFrSIRT Advisory: ADV-2005-2550\n[CVE-2005-3914](https://vulners.com/cve/CVE-2005-3914)\nBugtraq ID: 15545\n", "published": "2005-11-23T11:13:20", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}, "href": "https://vulners.com/osvdb/OSVDB:21070", "cvelist": ["CVE-2005-3914"], "lastseen": "2017-04-28T13:20:18"}, {"id": "OSVDB:21071", "type": "osvdb", "title": "AFFCommerce ItemInfo.php item_id Variable SQL Injection", "description": "## Vulnerability Description\nAFFCommerce contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'ItemInfo.php' script not properly sanitizing user-supplied input to the 'item_id' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\nAFFCommerce contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'ItemInfo.php' script not properly sanitizing user-supplied input to the 'item_id' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.\n## Manual Testing Notes\nhttp://[victim]/standalone/ItemInfo.php?item_id=[sql]\n## References:\nVendor URL: http://www.affcommerce.com/\n[Secunia Advisory ID:17690](https://secuniaresearch.flexerasoftware.com/advisories/17690/)\n[Related OSVDB ID: 21070](https://vulners.com/osvdb/OSVDB:21070)\n[Related OSVDB ID: 21072](https://vulners.com/osvdb/OSVDB:21072)\nOther Advisory URL: http://pridels.blogspot.com/2005/11/affcommerce-multiple-sql-inj.html\nFrSIRT Advisory: ADV-2005-2550\n[CVE-2005-3914](https://vulners.com/cve/CVE-2005-3914)\nBugtraq ID: 15545\n", "published": "2005-11-23T11:13:20", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}, "href": "https://vulners.com/osvdb/OSVDB:21071", "cvelist": ["CVE-2005-3914"], "lastseen": "2017-04-28T13:20:18"}, {"id": "OSVDB:21072", "type": "osvdb", "title": "AFFCommerce ItemReview.php item_id Variable SQL Injection", "description": "## Vulnerability Description\nAFFCommerce contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'ItemReview.php' script not properly sanitizing user-supplied input to the 'item_id' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\nAFFCommerce contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'ItemReview.php' script not properly sanitizing user-supplied input to the 'item_id' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.\n## Manual Testing Notes\nhttp://[victim]/standalone/ItemReview.php?item_id=[sql]\n## References:\nVendor URL: http://www.affcommerce.com/\n[Secunia Advisory ID:17690](https://secuniaresearch.flexerasoftware.com/advisories/17690/)\n[Related OSVDB ID: 21071](https://vulners.com/osvdb/OSVDB:21071)\n[Related OSVDB ID: 21070](https://vulners.com/osvdb/OSVDB:21070)\nOther Advisory URL: http://pridels.blogspot.com/2005/11/affcommerce-multiple-sql-inj.html\nFrSIRT Advisory: ADV-2005-2550\n[CVE-2005-3914](https://vulners.com/cve/CVE-2005-3914)\nBugtraq ID: 15545\n", "published": "2005-11-23T11:13:20", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}, "href": "https://vulners.com/osvdb/OSVDB:21072", "cvelist": ["CVE-2005-3914"], "lastseen": "2017-04-28T13:20:18"}]}}