ID CVE-2005-1029
Summary Multiple SQL injection vulnerabilities in Active Auction House allow remote attackers to execute arbitrary SQL commands via the (1) catid, (2) SortDir, or (3) Sortby parameter to default.asp, (4) itemID parameter to ItemInfo.asp, or (5) Email field to sendpassword.asp.
References
Vulnerable Configurations
  • cpe:2.3:a:active_web_softwares:active_auction_house:7.1:*:pro:*:*:*:*:*
CVSS
Base: 7.5 (as of 11-07-2017 - 01:32)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
  • Vector: NETWORK
  • Complexity: LOW
  • Authentication: NONE
Impact
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL
  • Availability: PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
refmap via4
bid
  • 13032
  • 13034
  • 13035
bugtraq 20050406 Active Auction House has multiple Sql injection, error and XSS
misc http://digitalparadox.org/advisories/aass.txt
osvdb
  • 15281
  • 15282
  • 15283
sectrack 1013649
secunia 14839
xf aah-multiple-scripts-sql-injection(19977)
Last major update 11-07-2017 - 01:32
Published 06-04-2005 - 04:00
Last modified 11-07-2017 - 01:32