CVE-2005-4081 - Multiple SQL injection vulnerabilities in Alisveristr E-commerce allow remote attackers to bypass au

CVE-2005-4081

Summary

Multiple SQL injection vulnerabilities in Alisveristr E-commerce allow remote attackers to bypass authentication and possibly execute arbitrary SQL commands via the username and password parameters in (1) the user login and (2) administrator login pages.

References

http://securityreason.com/securityalert/228
http://www.osvdb.org/21622
http://www.securityfocus.com/archive/1/418510/100/0/threaded
http://www.securityfocus.com/bid/15699/
https://exchange.xforce.ibmcloud.com/vulnerabilities/23507

Vulnerable Configurations

cpe:2.3:a:alisveristr:alisveristr_e-commerce:*:*:*:*:*:*:*:*
cpe:2.3:a:alisveristr:alisveristr_e-commerce:*:*:*:*:*:*:*:*

CVSS

Base:	7.5 (as of 19-10-2018 - 15:40)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

refmap via4

bid	15699
bugtraq	20051203 Alisveristr E-Commerce Admin Login SQL İnjection
osvdb	21622
sreason	228
xf	alisveristr-login-sql-injection(23507)

Last major update

19-10-2018 - 15:40

Published

08-12-2005 - 01:03

Last modified

19-10-2018 - 15:40