cbcvebase.
CVE-2004-0300
published 2004-11-23

CVE-2004-0300: SQL injection vulnerability in Online Store Kit 3.0 allows remote attackers to inject arbitrary SQL and gain unauthorized access via (1) the cat parameter in…

PriorityP343critical10CVSS 2.0
AVNACLAuNCCICAC
EXPLOIT
EPSS
5.17%
91.4th percentile
SQL injection vulnerability in Online Store Kit 3.0 allows remote attackers to inject arbitrary SQL and gain unauthorized access via (1) the cat parameter in shop.php, (2) the id parameter in more.php, (3) the cat_manufacturer parameter in shop_by_brand.php, or (4) the id parameter in listing.php.

Affected

3 ranges
VendorProductVersion rangeFixed in
ecommerce_corporation_onlinestore_kit
ecommerce_corporation_onlinestore_kit
ecommerce_corporation_onlinestore_kit
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.