Lumension® Endpoint Intelligence Center



Vulnerability Score 5.0
CVE Id CVE-2005-2220
Last Modified 05 Sep 2008 04:51:11
Published 12 Jul 2005 12:00:00
Confidentiality Impact NONE
Integrity Impact PARTIAL
Availability Impact NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE



** DISPUTED ** Dragonfly Commerce allows remote attackers to change a product price by modifying the x_DragonflyCartProductPrice hidden field to (1) dc_Categorieslist.asp, (2) dc_Categoriesview.asp, (3) dc_productslist.asp, and (4) dc_productslist_Clearance.asp. NOTE: the vendor has disputed this issue, saying that "Dragonfly Commerce does not allow for editing prices nor does it allow for viewing information about clients stored in the database except by the store owner and authorized staff as appointed in the store administration." However, SecurityTracker claims that they have been able to confirm the problem.

Vulnerable Systems


  • Incredible Interactive Dragonfly Commerce



SECTRACK - 1014451

BUGTRAQ - 20050712 Dragonfly Shopping Cart Multiple vulnerabilities

Last Updated: 27 May 2016 10:40:26