Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2003-0522

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2003-0522
Last Modified 10 Sep 2008 03:19:30
Published 18 Aug 2003 12:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2003-0522

Summary

Multiple SQL injection vulnerabilities in ProductCart 1.5 through 2 allow remote attackers to (1) gain access to the admin control panel via the idadmin parameter to login.asp or (2) gain other privileges via the Email parameter to Custva.asp.

Vulnerable Systems

Application

  • Early Impact Productcart 1.5

  • Early Impact Productcart 1.5002

  • Early Impact Productcart 1.5003

  • Early Impact Productcart 1.5003r

  • Early Impact Productcart 1.5004

  • Early Impact Productcart 1.6002

  • Early Impact Productcart 1.6003

  • Early Impact Productcart 1.6b

  • Early Impact Productcart 1.6b001

  • Early Impact Productcart 1.6b002

  • Early Impact Productcart 1.6b003

  • Early Impact Productcart 1.6br

  • Early Impact Productcart 1.6br001

  • Early Impact Productcart 1.6br003

  • Early Impact Productcart 2

  • Early Impact Productcart 2br000


References

BUGTRAQ - 20030705 Re: Another ProductCart SQL Injection Vulnerability

BUGTRAQ - 20030704 Another ProductCart SQL Injection Vulnerability


Last Updated: 27 May 2016 10:37:56