source: http://www.securityfocus.com/bid/15863/info
QuickPayPro is prone to multiple input validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input.
Successful exploitation of these vulnerabilities could result in a compromise of the application, disclosure or modification of data, and the theft of cookie-based authentication credentials. They may also permit an attacker to exploit vulnerabilities in the underlying database implementation, as well as other attacks.
http://www.example.com/settings/design.php?delete=[SQL]
{"id": "EDB-ID:26830", "type": "exploitdb", "bulletinFamily": "exploit", "title": "QuickPayPro 3.1 design.php delete Parameter SQL Injection", "description": "QuickPayPro 3.1 design.php delete Parameter SQL Injection. CVE-2005-4243. Webapps exploit for php platform", "published": "2005-12-14T00:00:00", "modified": "2005-12-14T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.exploit-db.com/exploits/26830/", "reporter": "r0t", "references": [], "cvelist": ["CVE-2005-4243"], "lastseen": "2016-02-03T04:28:56", "viewCount": 6, "enchantments": {"score": {"value": 7.1, "vector": "NONE", "modified": "2016-02-03T04:28:56", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2005-4243"]}, {"type": "exploitdb", "idList": ["EDB-ID:26827", "EDB-ID:26828", "EDB-ID:26829", "EDB-ID:26831", "EDB-ID:26832"]}], "modified": "2016-02-03T04:28:56", "rev": 2}, "vulnersScore": 7.1}, "sourceHref": "https://www.exploit-db.com/download/26830/", "sourceData": "source: http://www.securityfocus.com/bid/15863/info\r\n \r\nQuickPayPro is prone to multiple input validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input.\r\n \r\nSuccessful exploitation of these vulnerabilities could result in a compromise of the application, disclosure or modification of data, the theft of cookie-based authentication credentials. They may also permit an attacker to exploit vulnerabilities in the underlying database implementation as well as other attacks.\r\n\r\nhttp://www.example.com/settings/design.php?delete=[SQL]", "osvdbidlist": ["21679"]}
{"cve": [{"lastseen": "2020-10-03T11:34:57", "description": "Multiple SQL injection vulnerabilities in QuickPayPro 3.1 allow remote attackers to execute arbitrary SQL commands via the (1) popupid parameter in popups.edit.php; (2) so, (3) sb, and (4) nr parameters in customer.tickets.view.php; (5) subrackingid parameter in subscribers.tracking.edit.php; (6) delete parameter in design.php; (7) trackingid parameter in tracking.details.php; and (8) customerid parameter in sales.view.php.", "edition": 3, "cvss3": {}, "published": "2005-12-15T11:03:00", "title": "CVE-2005-4243", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": true, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2005-4243"], "modified": "2011-03-08T02:27:00", "cpe": ["cpe:/a:quickpaypro:quickpaypro:3.1"], "id": "CVE-2005-4243", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-4243", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:quickpaypro:quickpaypro:3.1:*:*:*:*:*:*:*"]}], "exploitdb": [{"lastseen": "2016-02-03T04:28:31", "description": "QuickPayPro 3.1 popups.edit.php popupid Parameter SQL Injection. CVE-2005-4243 . 
Webapps exploit for php platform", "published": "2005-12-14T00:00:00", "type": "exploitdb", "title": "QuickPayPro 3.1 popups.edit.php popupid Parameter SQL Injection", "bulletinFamily": "exploit", "cvelist": ["CVE-2005-4243"], "modified": "2005-12-14T00:00:00", "id": "EDB-ID:26827", "href": "https://www.exploit-db.com/exploits/26827/", "sourceData": "source: http://www.securityfocus.com/bid/15863/info\r\n\r\nQuickPayPro is prone to multiple input validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input.\r\n\r\nSuccessful exploitation of these vulnerabilities could result in a compromise of the application, disclosure or modification of data, the theft of cookie-based authentication credentials. They may also permit an attacker to exploit vulnerabilities in the underlying database implementation as well as other attacks.\r\n\r\nhttp://www.example.com/communication/popups.edit.php?popupid=[SQL]", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/26827/"}, {"lastseen": "2016-02-03T04:28:38", "description": "QuickPayPro 3.1 customer.tickets.view.php Multiple Parameter SQL Injection. CVE-2005-4243 . Webapps exploit for php platform", "published": "2005-12-14T00:00:00", "type": "exploitdb", "title": "QuickPayPro 3.1 customer.tickets.view.php Multiple Parameter SQL Injection", "bulletinFamily": "exploit", "cvelist": ["CVE-2005-4243"], "modified": "2005-12-14T00:00:00", "id": "EDB-ID:26828", "href": "https://www.exploit-db.com/exploits/26828/", "sourceData": "source: http://www.securityfocus.com/bid/15863/info\r\n \r\nQuickPayPro is prone to multiple input validation vulnerabilities. 
These issues are due to a failure in the application to properly sanitize user-supplied input.\r\n \r\nSuccessful exploitation of these vulnerabilities could result in a compromise of the application, disclosure or modification of data, the theft of cookie-based authentication credentials. They may also permit an attacker to exploit vulnerabilities in the underlying database implementation as well as other attacks.\r\n\r\nhttp://www.example.com/communication/customer.tickets.view.php?so=[SQL]\r\nhttp://www.example.com/communication/customer.tickets.view.php?so=ASC&sb=[SQL]\r\nhttp://www.example.com/communication/customer.tickets.view.php?so=ASC&sb=Status&nr=[SQL]", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/26828/"}, {"lastseen": "2016-02-03T04:28:47", "description": "QuickPayPro 3.1 subscribers.tracking.edit.php subtrackingid Parameter SQL Injection. CVE-2005-4243. Webapps exploit for php platform", "published": "2005-12-14T00:00:00", "type": "exploitdb", "title": "QuickPayPro 3.1 subscribers.tracking.edit.php subtrackingid Parameter SQL Injection", "bulletinFamily": "exploit", "cvelist": ["CVE-2005-4243"], "modified": "2005-12-14T00:00:00", "id": "EDB-ID:26829", "href": "https://www.exploit-db.com/exploits/26829/", "sourceData": "source: http://www.securityfocus.com/bid/15863/info\r\n \r\nQuickPayPro is prone to multiple input validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input.\r\n \r\nSuccessful exploitation of these vulnerabilities could result in a compromise of the application, disclosure or modification of data, the theft of cookie-based authentication credentials. 
They may also permit an attacker to exploit vulnerabilities in the underlying database implementation as well as other attacks.\r\n\r\nhttp://www.example.com/communication/subscribers.tracking.edit.php?subtrackingid=[SQL]", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/26829/"}, {"lastseen": "2016-02-03T04:29:05", "description": "QuickPayPro 3.1 tracking.details.php trackingid Parameter SQL Injection. CVE-2005-4243. Webapps exploit for php platform", "published": "2005-12-14T00:00:00", "type": "exploitdb", "title": "QuickPayPro 3.1 tracking.details.php trackingid Parameter SQL Injection", "bulletinFamily": "exploit", "cvelist": ["CVE-2005-4243"], "modified": "2005-12-14T00:00:00", "id": "EDB-ID:26831", "href": "https://www.exploit-db.com/exploits/26831/", "sourceData": "source: http://www.securityfocus.com/bid/15863/info\r\n \r\nQuickPayPro is prone to multiple input validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input.\r\n \r\nSuccessful exploitation of these vulnerabilities could result in a compromise of the application, disclosure or modification of data, the theft of cookie-based authentication credentials. They may also permit an attacker to exploit vulnerabilities in the underlying database implementation as well as other attacks.\r\n\r\nhttp://www.example.com/tools/tracking.details.php?trackingid=1[SQL]", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/26831/"}, {"lastseen": "2016-02-03T04:29:14", "description": "QuickPayPro 3.1 sales.view.php customerid Parameter SQL Injection. CVE-2005-4243. 
Webapps exploit for php platform", "published": "2005-12-14T00:00:00", "type": "exploitdb", "title": "QuickPayPro 3.1 sales.view.php customerid Parameter SQL Injection", "bulletinFamily": "exploit", "cvelist": ["CVE-2005-4243"], "modified": "2005-12-14T00:00:00", "id": "EDB-ID:26832", "href": "https://www.exploit-db.com/exploits/26832/", "sourceData": "source: http://www.securityfocus.com/bid/15863/info\r\n \r\nQuickPayPro is prone to multiple input validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input.\r\n \r\nSuccessful exploitation of these vulnerabilities could result in a compromise of the application, disclosure or modification of data, the theft of cookie-based authentication credentials. They may also permit an attacker to exploit vulnerabilities in the underlying database implementation as well as other attacks.\r\n\r\nhttp://www.example.com/mycompany/sales.view.php?customerid=1[SQL] ", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/26832/"}]}