CVE-2005-0907

Published May 2, 2005

Last updated 16 years ago

Overview

Description: Multiple SQL injection vulnerabilities in Valdersoft Shopping Cart 3.0 allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to category.php, (2) the id parameter to item.php, (3) the lang parameter to index.php, (4) the searchQuery parameter to search_result.php, (5) or the searchTopCategoryID parameter to search_result.php.
Source: cve@mitre.org
NVD status: Analyzed

Hype score: Not currently trending

Risk scores

CVSS 2.0

Type: Primary
Base score: 7.5
Impact score: 6.4
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: NVD-CWE-Other

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:valdersoft:shopping_cart:3.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C1C315C6-34E2-4FDF-8129-909800E39ECE"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

References