Описание
Multiple SQL injection vulnerabilities in ampleShop 2.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) RecordID parameter in (a) Customeraddresses_RecordAction.cfm and (b) youraccount.cfm; (2) solus parameter in (c) detail.cfm; and (3) cat parameter in (d) category.cfm.
Multiple SQL injection vulnerabilities in ampleShop 2.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) RecordID parameter in (a) Customeraddresses_RecordAction.cfm and (b) youraccount.cfm; (2) solus parameter in (c) detail.cfm; and (3) cat parameter in (d) category.cfm.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2006-2038
- https://exchange.xforce.ibmcloud.com/vulnerabilities/26064
- http://pridels0.blogspot.com/2006/04/ampleshop-ecommerce-software-vuln.html
- http://secunia.com/advisories/19806
- http://www.osvdb.org/24934
- http://www.osvdb.org/24935
- http://www.osvdb.org/24936
- http://www.osvdb.org/24937
- http://www.vupen.com/english/advisories/2006/1512
EPSS
CVE ID
Связанные уязвимости
Multiple SQL injection vulnerabilities in ampleShop 2.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) RecordID parameter in (a) Customeraddresses_RecordAction.cfm and (b) youraccount.cfm; (2) solus parameter in (c) detail.cfm; and (3) cat parameter in (d) category.cfm.
EPSS