CVE-2004-1873
Published 2004-12-31
CVE-2004-1873: SQL injection vulnerability in category.asp in A-CART Pro and A-CART 2.0 allows remote attackers to gain privileges via the catcode parameter.
Priority P339 · high · 7.5 (CVSS 2.0)
AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 2.43% (82.2th percentile)
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| alan_ward | a-cart | — | — |
GHSA
GHSA-6jxw-cmhp-g5c4: Multiple SQL injection vulnerabilities in Alan Ward A-Cart Pro 2
ghsa_unreviewed·2022-05-01·CVSS 7.5
CVE-2006-6111 [HIGH] GHSA-6jxw-cmhp-g5c4: Multiple SQL injection vulnerabilities in Alan Ward A-Cart Pro 2
Multiple SQL injection vulnerabilities in Alan Ward A-Cart Pro 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) productid parameter in product.asp or (2) search parameter in search.asp. NOTE: the category.asp vector is already covered by CVE-2004-1873.
GHSA
GHSA-9vp2-wg6r-vp74: SQL injection vulnerability in category
ghsa_unreviewed·2022-04-29
CVE-2004-1873 [HIGH] GHSA-9vp2-wg6r-vp74: SQL injection vulnerability in category
SQL injection vulnerability in category.asp in A-CART Pro and A-CART 2.0 allows remote attackers to gain privileges via the catcode parameter.
No detection rules found.
Exploit-DB
Alan Ward A-CART 2.0 - 'category.asp?catcode' SQL Injection (1)
exploitdb·2006-11-18
CVE-2004-1873 Alan Ward A-CART 2.0 - 'category.asp?catcode' SQL Injection (1)
---
source: https://www.securityfocus.com/bid/21166/info
A-Cart is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database implementation.
A-Cart 2.0 and A-Cart Pro are vulnerable; other versions may also be affected.
http://www.example.com/path/category.asp?catcode=[SQL INJECTION]
Exploit-DB
Alan Ward A-CART 2.0 - 'category.asp?catcode' SQL Injection (2)
exploitdb·2004-03-29
CVE-2004-1873 Alan Ward A-CART 2.0 - 'category.asp?catcode' SQL Injection (2)
---
source: https://www.securityfocus.com/bid/9997/info
Reportedly A-Cart is prone to multiple input validation vulnerabilities. These issues are due to a failure of the application to properly sanitize user supplied input prior to its use in SQL queries and generation of dynamic content.
The SQL injection issue may allow a remote attacker to manipulate SQL query logic, potentially leading to access to sensitive information such as the administrator password hash or corruption of database data. SQL injection attacks may also potentially be used to exploit latent vulnerabilities in the underlying database implementation.
The cross-site scripting issue could permit a remote attacker to create a malicious link to the vulnera
No writeups or analysis indexed.
References
http://marc.info/?l=bugtraq&m=108057887008983&w=2
http://s-a-p.ca/index.php?page=OurAdvisories&id=27
http://secunia.com/advisories/11236
http://www.aria-security.com/forum/showthread.php?t=31
http://www.aria-security.com/forum/showthread.php?t=32
http://www.securityfocus.com/archive/1/451594/100/100/threaded
http://www.securityfocus.com/archive/1/452005/100/0/threaded
http://www.securityfocus.com/archive/1/452006/100/0/threaded
http://www.securityfocus.com/archive/1/452023/100/0/threaded
http://www.securityfocus.com/bid/9997
https://exchange.xforce.ibmcloud.com/vulnerabilities/15661
Published: 2004-12-31