Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 6.4
CVE Id CVE-2006-2053
Last Modified 07 Mar 2011 09:35:04
Published 26 Apr 2006 04:06:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-2053

Summary

Multiple SQL injection vulnerabilities in QuickEStore 7.9 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the OrderID parameter in (a) shipping.cfm and (b) checkout.cfm, (2) the ItemID parameter in (c) proddetail.cfm, (3) the SubCatID parameter in (d) index.cfm, (4) the CategoryID parameter in (e) prodpage.cfm, and (5) the ProdID parameter in (f) Details.cfm. NOTE: these issues can also be exploited for path disclosure.

Vulnerable Systems

Application

  • QuickEStore 7.9


References

VUPEN - ADV-2006-1514

XF - quickestore-multiple-sql-injection(26045)

OSVDB - 24980

OSVDB - 24979

OSVDB - 24978

OSVDB - 24977

OSVDB - 24976

SECUNIA - 19817

MISC - http://pridels0.blogspot.com/2006/04/quickestore-79-vuln.html


Last Updated: 27 May 2016 10:42:18