CVE-2005-1588

Опубликовано: 11 мая 2005

Источник: nvd

CVSS2: 7.5

EPSS Низкий

Описание

SQL injection vulnerability in index.php for Quick.cart 0.3.0 allows remote attackers to execute arbitrary SQL commands via the iCategory parameter. NOTE: the vendor has privately disputed this issue, saying that Quick.cart does not even use SQL and therefore can not be vulnerable to SQL injection

Ссылки

http://lostmon.blogspot.com/2005/05/quickcart-sword-variable-xss-and.html
Exploit
Vendor Advisory
http://www.osvdb.org/16331
Exploit
Vendor Advisory
http://lostmon.blogspot.com/2005/05/quickcart-sword-variable-xss-and.html
Exploit
Vendor Advisory
http://www.osvdb.org/16331
Exploit
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:open_solution:quick.cart:0.3:*:*:*:*:*:*:*

EPSS

Процентиль: 72%

0.00716

Низкий

7.5 High

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-pr7j-566r-q2rq

github

почти 4 года назад

** DISPUTED ** SQL injection vulnerability in index.php for Quick.cart 0.3.0 allows remote attackers to execute arbitrary SQL commands via the iCategory parameter. NOTE: the vendor has privately disputed this issue, saying that Quick.cart does not even use SQL and therefore can not be vulnerable to SQL injection.