CVE-2005-1161

Multiple SQL injection vulnerabilities in OneWorldStore allow remote attackers to execute arbitrary SQL commands via the idProduct parameter to (1) owAddItem.asp or (2) owProductDetail.asp, (3) idCategory parameter to owListProduct.asp, or (4) bSpecials parameter to owListProduct.asp.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://marc.info/?l=bugtraq&m=111352017704126&w=2
http://secunia.com/advisories/14969	Patch
http://securitytracker.com/id?1013720	Exploit
http://www.oneworldstore.com/support_security_issue_updates.asp#April_15_2005_DCrab	URL Repurposed
http://www.osvdb.org/15518
http://www.osvdb.org/15519
http://www.osvdb.org/15520
http://www.securityfocus.com/bid/13181	Exploit Patch
http://www.securityfocus.com/bid/13182	Exploit Patch
http://www.securityfocus.com/bid/13183	Exploit Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/20097

Configurations

Configuration 1 (hide)

cpe:2.3:a:oneworldstore:oneworldstore:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2005-05-02 04:00

Updated : 2024-02-14 01:17

NVD link : CVE-2005-1161

Mitre link : CVE-2005-1161

CVE.ORG link : CVE-2005-1161

JSON object : View

Products Affected

oneworldstore

oneworldstore

CWE

NVD-CWE-Other

{"id": "CVE-2005-1161", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}]}, "published": "2005-05-02T04:00:00.000", "references": [{"url": "http://marc.info/?l=bugtraq&m=111352017704126&w=2", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/14969", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://securitytracker.com/id?1013720", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://www.oneworldstore.com/support_security_issue_updates.asp#April_15_2005_DCrab", "tags": ["URL Repurposed"], "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/15518", "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/15519", "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/15520", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/13181", "tags": ["Exploit", "Patch"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/13182", "tags": ["Exploit", "Patch"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/13183", "tags": ["Exploit", "Patch"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20097", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Multiple SQL injection vulnerabilities in OneWorldStore allow remote attackers to execute arbitrary SQL commands via the idProduct parameter to (1) owAddItem.asp or (2) owProductDetail.asp, (3) idCategory parameter to owListProduct.asp, or (4) bSpecials parameter to owListProduct.asp."}], "lastModified": "2024-02-14T01:17:43.863", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:oneworldstore:oneworldstore:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "200AFE97-E718-41C0-86A0-9FE8030AAA52"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}