Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-1161

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2005-1161
Last Modified 05 Sep 2008 04:48:23
Published 02 May 2005 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2005-1161

Summary

Multiple SQL injection vulnerabilities in OneWorldStore allow remote attackers to execute arbitrary SQL commands via the idProduct parameter to (1) owAddItem.asp or (2) owProductDetail.asp, (3) idCategory parameter to owListProduct.asp, or (4) bSpecials parameter to owListProduct.asp.

Vulnerable Systems

Application

  • Oneworldstore


References

BID - 13183

BID - 13182

BID - 13181

SECUNIA - 14969

XF - oneworldstore-product-category-sql-injection(20097)

OSVDB - 15520

OSVDB - 15519

OSVDB - 15518

CONFIRM - http://www.oneworldstore.com/support_security_issue_updates.asp#April_15_2005_DCrab

SECTRACK - 1013720

BUGTRAQ - 20050414 Multiple multiple sql injection/errors and xss vulnerabilities in OneWorldStore


Last Updated: 27 May 2016 10:40:04