Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-2062

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2005-2062
Last Modified 07 Mar 2011 09:23:19
Published 29 Jun 2005 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2005-2062

Summary

Multiple SQL injection vulnerabilities in ActiveBuyAndSell 6.2 allow remote attackers to execute arbitrary SQL commands via the catid parameter to (1) default.asp or (2) buyersend.asp, (3) Administrator ID field in admin.asp, E-mail field in (4) advertiserstart.asp or (5) buyer.asp, or Keyword field in search.asp.

Vulnerable Systems

Application

  • Active Web Softwares Activebuyandsell 6.2


References

VUPEN - ADV-2007-1096

BUGTRAQ - 20050624 [ECHO_ADV_21$2005] MUltiple Vulnarable In ActiveBuyAndSell

XF - activebuyandsell-buyersend-sql-injection(33183)

BID - 23110

MILW0RM - 3550


Last Updated: 27 May 2016 10:40:22