5 matches found
CVE-2004-1881
SQL injection vulnerability in 1 mailorder.asp or 2 payonline.asp in CactuShop 5.x allows remote attackers to execute arbitrary SQL commands via the strItems parameter...
CVE-2004-1881
CVE-2004-1881 affects CactuShop 5.x. The SQL injection vulnerability occurs in mailorder.asp and payonline.asp, where the user-supplied strItems parameter is not filtered before use in an SQL query, allowing remote attackers to modify queries and potentially execute system commands (e.g., via xp_...
CVE-2004-1882
CVE-2004-1882 concerns CactuShop 5.x (ASP). The vulnerability is a cross-site scripting (XSS) flaw in the script popuplargeimage.asp, exploitable via the user-controlled parameter strImageTag . OpenVAS notes that the remote host runs CactuShop and that lack of sanitization can enable execution of...
CVE-2004-1882
Cross-site scripting XSS vulnerability in popuplargeimage.asp in CactuShop 5.x allows remote attackers to inject arbitrary web script or HTML via the strImageTag parameter...
CVE-2004-1881
SQL injection vulnerability in 1 mailorder.asp or 2 payonline.asp in CactuShop 5.x allows remote attackers to execute arbitrary SQL commands via the strItems parameter...