CVE-2004-2108

  1. Reconshell
  2. Vulnerabilities (CVE)
  3. CVE-2004-2108
Multiple SQL injection vulnerabilities in QuadComm Q-Shop allow remote attackers to execute arbitrary SQL commands via certain parameters to (1) search.asp, (2) browse.asp, (3) details.asp, (4) showcat.asp, (5) users.asp, (6) addtomylist.asp, (7) modline.asp, (8) cart.asp, or (9) newuser.asp.

7.5 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References
Link Resource
http://www.s-quadra.com/advisories/Adv-20040123.txt Exploit
http://www.securityfocus.com/bid/9481 Exploit
http://www.osvdb.org/3698
http://www.osvdb.org/3699
http://www.osvdb.org/3700
http://www.osvdb.org/3701
http://www.osvdb.org/3702
http://www.osvdb.org/3703
http://www.osvdb.org/3704
http://www.osvdb.org/3705
http://www.osvdb.org/3706
http://securitytracker.com/alerts/2004/Jan/1008837.html
http://secunia.com/advisories/10704
http://marc.info/?l=bugtraq&m=107488132208229&w=2
https://exchange.xforce.ibmcloud.com/vulnerabilities/14922
Advertisement

NeevaHost hosting service
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:quadcomm:q-shop:2.5_beta:*:*:*:*:*:*:*
cpe:2.3:a:quadcomm:q-shop:2.1:*:*:*:*:*:*:*
cpe:2.3:a:quadcomm:q-shop:2.5:*:*:*:*:*:*:*
cpe:2.3:a:quadcomm:q-shop:2.0:*:*:*:*:*:*:*
Information

Published : 2004-12-30 21:00

Updated : 2017-07-10 18:31

NVD link : CVE-2004-2108

Mitre link : CVE-2004-2108

JSON object : View

CWE
NVD-CWE-Other
Advertisement

dedicated server usa
Products Affected

quadcomm

  • q-shop