QuadComm Q-Shop search.asp SQL Injection

2004-01-26T06:58:16
ID OSVDB:3706
Type osvdb
Reporter OSVDB
Modified 2004-01-26T06:58:16

Description

Vulnerability Description

Quadcomm Q-Shop contains a flaw that will allow an attacker to inject arbitrary SQL code. The problem is that user input in the search.asp module is not verified properly and will allow an attacker to inject or manipulate SQL queries.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Short Description

Quadcomm Q-Shop contains a flaw that will allow an attacker to inject arbitrary SQL code. The problem is that user input in the search.asp module is not verified properly and will allow an attacker to inject or manipulate SQL queries.

References:

Vendor URL: http://quadcomm.com/qshop/ Secunia Advisory ID:10704 Other Advisory URL: http://archives.neohapsis.com/archives/bugtraq/2004-01/0227 ISS X-Force ID: 14922 CVE-2004-2108 Bugtraq ID: 9481