CVE-2005-0935 - Multiple SQL injection vulnerabilities in ESMI PayPal Storefront allow remote attackers to execute a

CVE-2005-0935

Summary

Multiple SQL injection vulnerabilities in ESMI PayPal Storefront allow remote attackers to execute arbitrary SQL commands via the (1) idpages parameter to pages.php or the (2) id2 parameter to products1.php.

References

http://marc.info/?l=bugtraq&m=111221890614271&w=2
http://secunia.com/advisories/14711
http://securitytracker.com/id?1013563
http://www.hackerscenter.com/Archive/view.asp?id=1774
http://www.osvdb.org/15057
http://www.osvdb.org/15058
http://www.securityfocus.com/bid/12903

Vulnerable Configurations

cpe:2.3:a:esmi:paypal_storefront:1.7:*:*:*:*:*:*:*
cpe:2.3:a:esmi:paypal_storefront:1.7:*:*:*:*:*:*:*

CVSS

Base:	7.5 (as of 18-10-2016 - 03:15)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

refmap via4

bid	12903
bugtraq	20050330 Multiple sql injection, and xss vulnerabilities in Pay pal Storefront
misc	http://www.hackerscenter.com/Archive/view.asp?id=1774
osvdb	15057 15058
sectrack	1013563
secunia	14711

Last major update

18-10-2016 - 03:15

Published

02-05-2005 - 04:00

Last modified

18-10-2016 - 03:15