2 matches found
CVE-2007-3933
SQL injection vulnerability in insertorder.cfm in QuickEStore 8.2 and earlier allows remote attackers to execute arbitrary SQL commands via the CFTOKEN parameter, a different vector than CVE-2006-2053...
CVE-2007-3933
CVE-2007-3933 is linked to a QuickEStore SQL injection in insertorder.cfm via the CFTOKEN parameter. The Nessus plugin details a remote exploit against QuickEStore versions 8.2 and earlier, enabling arbitrary SQL commands due to unsanitized input in database queries. The note states this is a dif...