CVE-2003-0509
Published Aug 7, 2003
Last updated 7 years ago
Overview
- Description
- SQL injection vulnerability in Cyberstrong eShop 4.2 and earlier allows remote attackers to steal authentication information and gain privileges via the ProductCode parameter in (1) 10expand.asp, (2) 10browse.asp, and (3) 20review.asp.
- Source
- cve@mitre.org
- NVD status
- Modified
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 10
- Impact score
- 10
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:C/I:C/A:C
Weaknesses
- nvd@nist.gov
- NVD-CWE-Other
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cyberstrong:eshop:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3D9F816B-410A-4418-947E-364403E9A186",
"versionEndIncluding": "4.2"
}
],
"operator": "OR"
}
]
}
]