9 matches found
Dragonfly Commerce 1.0 - Multiple SQL Injection Vulnerabilities
No description provided by source. Source: http://www.securityfocus.com/bid/14220/info. Dragonfly Commerce is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. Successful...
CVE-2005-2221
Dragonfly Commerce (Dragonfly) is associated with multiple SQL injection vulnerabilities in its web interface. According to the CVE records, remote attackers may modify SQL statements and possibly execute arbitrary SQL commands via user-controlled parameters: (1) key in dc_Categoriesview.asp, (2)...
CVE-2005-2221
Multiple SQL injection vulnerabilities in Dragonfly Commerce allow remote attackers to modify SQL statements and possibly execute arbitrary SQL commands via the (1) key parameter to dc_Categoriesview.asp, (2) dc_productslist_Clearance.asp, (3) PID parameter to ratings.asp, (4) dcProductsview.asp, (5) start, ...
CVE-2005-2220
Dragonfly Commerce allows remote attackers to change a product price by modifying the x_DragonflyCartProductPrice hidden field to (1) dc_Categorieslist.asp, (2) dc_Categoriesview.asp, (3) dc_productslist.asp, and (4) dc_productslist_Clearance.asp. NOTE: the vendor has disputed this issue, saying that "Dragonfl...
CVE-2005-2221
Multiple SQL injection vulnerabilities in Dragonfly Commerce allow remote attackers to modify SQL statements and possibly execute arbitrary SQL commands via the (1) key parameter to dc_Categoriesview.asp, (2) dc_productslist_Clearance.asp, (3) PID parameter to ratings.asp, (4) dcProductsview.asp, (5) start, ...
CVE-2005-2220
Dragonfly Commerce (Dragonfly) is affected by a vulnerability where remote attackers can modify the hidden field x_DragonflyCartProductPrice to alter product prices via several endpoints (dc_Categorieslist.asp, dc_Categoriesview.asp, dc_productslist.asp, dc_productslist_Clearance.asp). The vendor...
CVE-2005-2220
Dragonfly Commerce allows remote attackers to change a product price by modifying the x_DragonflyCartProductPrice hidden field to (1) dc_Categorieslist.asp, (2) dc_Categoriesview.asp, (3) dc_productslist.asp, and (4) dc_productslist_Clearance.asp. NOTE: the vendor has disputed this issue, saying that "Dragonfl...
PT-2005-3149 · Dragonfly · Dragonfly Commerce
Name of the Vulnerable Software and Affected Versions: Dragonfly Commerce (affected versions not specified). Description: The issue allows remote attackers to change a product price by modifying the x_DragonflyCartProductPrice hidden field in several API endpoints, including "dc_Categorieslist.asp",...
PT-2005-3150 · Dragonfly · Dragonfly Commerce
Name of the Vulnerable Software and Affected Versions: Dragonfly Commerce (affected versions not specified). Description: The issue allows remote attackers to modify SQL statements and possibly execute arbitrary SQL commands via several parameters, including the key parameter to "dc...