ID CVE-2006-4852
Summary SQL injection vulnerability in browse.asp in QuadComm Q-Shop 3.5 allows remote attackers to execute arbitrary SQL commands via the OrderBy parameter.
References
Vulnerable Configurations
  • cpe:2.3:a:quadcomm:q-shop:3.5:*:*:*:*:*:*:*
    cpe:2.3:a:quadcomm:q-shop:3.5:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 17-10-2018 - 21:39)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
refmap via4
bid 20075
bugtraq 20060917 Q-Shop v3.5(browse.asp) Remote SQL Injection Vulnerability
exploit-db 2384
osvdb 28917
secunia 21929
sreason 1589
vupen ADV-2006-3665
xf qshop-browse-sql-injection(28970)
Last major update 17-10-2018 - 21:39
Published 19-09-2006 - 01:07
Last modified 17-10-2018 - 21:39
Back to Top