CVE-2005-1822

EPSS 2.4%

Multiple SQL injection vulnerabilities in Qualiteam X-Cart 4.0.8 allow remote attackers to execute arbitrary SQL commands via the (1) cat or (2) printable parameter to home.php, (3) productid or (4) mode parameter to product.php, (5) id parameter to error_message.php, (6) section parameter to help.php, (7) mode parameter to orders.php, (8) mode parameter to register.php, (9) mode parameter to search.php, or the (10) gcid or (11) gcindex parameter to giftcert.php.

Affected products

n/a · n/a

public PoCs found — 8

exploitdbwww.exploit-db.com/exploits/25769unverified exploitdbwww.exploit-db.com/exploits/25774unverified exploitdbwww.exploit-db.com/exploits/25770unverified exploitdbwww.exploit-db.com/exploits/25767unverified exploitdbwww.exploit-db.com/exploits/25771unverified exploitdbwww.exploit-db.com/exploits/25768unverified exploitdbwww.exploit-db.com/exploits/25772unverified exploitdbwww.exploit-db.com/exploits/25773unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://marc.info/?l=bugtraq&m=111748583101076&w=2 http://secunia.com/advisories/15555 http://securitytracker.com/id?1014077 https://exchange.xforce.ibmcloud.com/vulnerabilities/20773 http://www.securityfocus.com/bid/13817