Published: 06/12/2005 Updated: 08/03/2011

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

VMScore: 765

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Multiple SQL injection vulnerabilities in Web4Future eCommerce Enterprise Edition 2.1 and previous versions allow remote malicious users to execute arbitrary SQL commands via the (1) prod, and (2) brid parameters to (a) view.php; the (3) the bid parameter to (b) viewbrands.php; and the (4) grp and (5) cat parameters to index.php.

Vulnerable Product	Search on Vulmon	Subscribe to Product

source: wwwsecurityfocuscom/bid/15707/info eCommerce Enterprise Edition is prone to multiple SQL injection vulnerabilities These vulnerabilities could permit remote attackers to pass malicious input to database queries, resulting in modification of query logic or other attacks eCommerce Enterprise Edition 21 and prior and eComm ...

source: wwwsecurityfocuscom/bid/15707/info eCommerce Enterprise Edition is prone to multiple SQL injection vulnerabilities These vulnerabilities could permit remote attackers to pass malicious input to database queries, resulting in modification of query logic or other attacks eCommerce Enterprise Edition 21 and prior and eCommerc ...

source: wwwsecurityfocuscom/bid/15707/info eCommerce Enterprise Edition is prone to multiple SQL injection vulnerabilities These vulnerabilities could permit remote attackers to pass malicious input to database queries, resulting in modification of query logic or other attacks eCommerce Enterprise Edition 21 and prior and eCommerce H ...

NVD-CWE-Other http://www.securityfocus.com/bid/15707 http://www.osvdb.org/21466 http://www.osvdb.org/21467 http://www.osvdb.org/21468 http://secunia.com/advisories/17881 http://pridels0.blogspot.com/2005/12/ecommerce-enterprise-edition-sql-inj.html http://www.vupen.com/english/advisories/2005/2744 https://nvd.nist.gov https://www.exploit-db.com/exploits/26719/

CVE-2005-4035

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect