CVE-2006-4297 - SQL injection vulnerability in shopping_cart.php in osCommerce before 2.2 Milestone 2 060817 allows

CVE-2006-4297

Summary

SQL injection vulnerability in shopping_cart.php in osCommerce before 2.2 Milestone 2 060817 allows remote attackers to execute arbitrary SQL commands via id array parameters.

References

Vulnerable Configurations

cpe:2.3:a:oscommerce:oscommerce:2.2_ms2_2006-08-17:*:*:*:*:*:*:*
cpe:2.3:a:oscommerce:oscommerce:2.2_ms2_2006-08-17:*:*:*:*:*:*:*

CVSS

Base:	7.5 (as of 17-10-2018 - 21:34)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

refmap via4

bid	19644 19774
bugtraq	20060830 osCommerce < 2.2 Milestone 2 060817 POC Exploit
confirm	http://forums.oscommerce.com/index.php?showtopic=223556&pid=918371
misc	http://www.gulftech.org/?node=research&article_id=00110-08172006
sectrack	1016719
xf	oscommerce-shoppingcart-sql-injection(28434)

Last major update

17-10-2018 - 21:34

Published

23-08-2006 - 01:04

Last modified

17-10-2018 - 21:34