CVE-2004-0348 - SQL injection vulnerability in viewCart.asp in SpiderSales shopping cart software allows remote atta

CVE-2004-0348

Summary

SQL injection vulnerability in viewCart.asp in SpiderSales shopping cart software allows remote attackers to execute arbitrary SQL via the userId parameter.

References

http://marc.info/?l=bugtraq&m=107833097705486&w=2
http://www.securityfocus.com/bid/9799
http://www.s-quadra.com/advisories/Adv-20040303.txt
https://exchange.xforce.ibmcloud.com/vulnerabilities/15371

Vulnerable Configurations

cpe:2.3:a:spidersales:spidersales:2.0:*:*:*:*:*:*:*
cpe:2.3:a:spidersales:spidersales:2.0:*:*:*:*:*:*:*

CVSS

Base:	10.0 (as of 11-07-2017 - 01:30)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:N/AC:L/Au:N/C:C/I:C/A:C

refmap via4

bid	9799
bugtraq	20040303 Spider Sales shopping cart software multiple security vulnerabilities
misc	http://www.s-quadra.com/advisories/Adv-20040303.txt
xf	spidersales-userid-sql-injection(15371)

Last major update

11-07-2017 - 01:30

Published

23-11-2004 - 05:00

Last modified

11-07-2017 - 01:30