CVE-2004-1873 - SQL injection vulnerability in category.asp in A-CART Pro and A-CART 2.0 allows remote attackers to

CVE-2004-1873

Summary

SQL injection vulnerability in category.asp in A-CART Pro and A-CART 2.0 allows remote attackers to gain privileges via the catcode parameter.

References

Vulnerable Configurations

cpe:2.3:a:alan_ward:a-cart:2.0:*:*:*:*:*:*:*
cpe:2.3:a:alan_ward:a-cart:2.0:*:*:*:*:*:*:*
cpe:2.3:a:alan_ward:a-cart:2.0:*:pro:*:*:*:*:*
cpe:2.3:a:alan_ward:a-cart:2.0:*:pro:*:*:*:*:*

CVSS

CWE

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

refmap via4

bid	9997
bugtraq	20040329 A-CART Pro & A-CART 2.0 Input Validation Holes 20061114 A-Cart pro[ injection sql (post&get)] 20061118 A-Cart 2.0 SQL Injection 20061118 A-Cart PRO SQL Injection 20061118 Re: A-Cart PRO SQL Injection
misc	http://s-a-p.ca/index.php?page=OurAdvisories&id=27 http://www.aria-security.com/forum/showthread.php?t=31 http://www.aria-security.com/forum/showthread.php?t=32
secunia	11236
xf	acart-categoryasp-sql-injection(15661)

Last major update

14-02-2024 - 01:17

Published

31-12-2004 - 05:00

Last modified

14-02-2024 - 01:17