CVE-2003-0509 - SQL injection vulnerability in Cyberstrong eShop 4.2 and earlier allows remote attackers to steal au

CVE-2003-0509

Summary

SQL injection vulnerability in Cyberstrong eShop 4.2 and earlier allows remote attackers to steal authentication information and gain privileges via the ProductCode parameter in (1) 10expand.asp, (2) 10browse.asp, and (3) 20review.asp.

References

http://marc.info/?l=bugtraq&m=105709450711395&w=2
http://secunia.com/advisories/9165
http://securitytracker.com/id?1007092
http://www.osvdb.org/10098
http://www.osvdb.org/10099
http://www.osvdb.org/10100
http://www.securityfocus.com/bid/14101
http://www.securityfocus.com/bid/14103
http://www.securityfocus.com/bid/14112
https://exchange.xforce.ibmcloud.com/vulnerabilities/12485

Vulnerable Configurations

cpe:2.3:a:cyberstrong:eshop:*:*:*:*:*:*:*:*
cpe:2.3:a:cyberstrong:eshop:*:*:*:*:*:*:*:*

CVSS

Base:	10.0 (as of 11-07-2017 - 01:29)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:N/AC:L/Au:N/C:C/I:C/A:C

refmap via4

bid	14101 14103 14112
bugtraq	20030701 CyberStrong Shopping Cart - Advisory & Exploit Code
osvdb	10098 10099 10100
sectrack	1007092
secunia	9165
xf	cyberstrongeshop-multiple-sql-injection(12485)

Last major update

11-07-2017 - 01:29

Published

07-08-2003 - 04:00

Last modified

11-07-2017 - 01:29