Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-2190


Vulnerability Score 7.5 7.5
CVE Id CVE-2005-2190
Last Modified 05 Sep 2008 04:51:07
Published 11 Jul 2005 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE



Multiple SQL injection vulnerabilities in Comersus shopping cart allow remote attackers to execute arbitrary SQL commands via the (1) email parameter to comersus_optAffiliateRegistrationExec.asp or (2) idProduct parameter to comersus_optReviewReadExec.asp.

Vulnerable Systems


  • Comersus Open Technologies Comersus Cart


BUGTRAQ - 20050707 [Bday release] Comersus shopping cart has multiple Sql injection

SECTRACK - 1014419

Last Updated: 27 May 2016 10:40:26