Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 10.0
CVE Id: CVE-2004-0300
Last Modified: 05 Sep 2008 04:38:04
Published: 23 Nov 2004 12:00:00
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2004-0300

Summary

SQL injection vulnerability in Online Store Kit 3.0 allows remote attackers to inject arbitrary SQL and gain unauthorized access via (1) the cat parameter in shop.php, (2) the id parameter in more.php, (3) the cat_manufacturer parameter in shop_by_brand.php, or (4) the id parameter in listing.php.

Vulnerable Systems

Application

  • Ecommerce Corporation Online Store Kit 3.0 Lite

  • Ecommerce Corporation Online Store Kit 3.0 Pro

  • Ecommerce Corporation Online Store Kit 3.0 Standard


References

XF - onlinestorekit-more-sql-injection(15232)

MISC - http://www.zone-h.org/en/advisories/read/id=3972/

MISC - http://www.systemsecure.org/advisories/ssadvisory16022004.php

BID - 9687

BID - 9676

SECUNIA - 10902

BUGTRAQ - 20040218 ZH2004-07SA (security advisory): Multiple Sql injection

OSVDB - 3973

SECTRACK - 1009092


Last Updated: 27 May 2016 10:38:33