CVE-2005-1822
Published: 2005-06-01
Priority: P3 39
Severity: high
CVSS 2.0 score: 7.5
CVSS 2.0 vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 2.35% (81.6th percentile)
Multiple SQL injection vulnerabilities in Qualiteam X-Cart 4.0.8 allow remote attackers to execute arbitrary SQL commands via the (1) cat or (2) printable parameter to home.php, (3) productid or (4) mode parameter to product.php, (5) id parameter to error_message.php, (6) section parameter to help.php, (7) mode parameter to orders.php, (8) mode parameter to register.php, (9) mode parameter to search.php, or the (10) gcid or (11) gcindex parameter to giftcert.php.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| qualiteam | x-cart | — | — |
No detection rules found.
Exploit-DB
Qualiteam X-Cart 4.0.8 - 'giftcert.php' Multiple SQL Injections
exploitdb·2005-05-30
---
source: https://www.securityfocus.com/bid/13817/info
X-Cart is prone to SQL injection and cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input.
These vulnerabilities could permit remote attackers to pass malicious input to database queries, resulting in modification of query logic or other attacks. Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation. An attacker may also steal cookie-based authentication credentials and carry out other attacks.
X-Cart 4.0.8 is reportedly vulnerable. Other ve
Exploit-DB
Qualiteam X-Cart 4.0.8 - 'search.php?mode' SQL Injection
exploitdb·2005-05-30
Exploit-DB
Qualiteam X-Cart 4.0.8 - 'orders.php?mode' SQL Injection
exploitdb·2005-05-30
Exploit-DB
Qualiteam X-Cart 4.0.8 - 'register.php?mode' SQL Injection
exploitdb·2005-05-30
Exploit-DB
Qualiteam X-Cart 4.0.8 - 'home.php' Multiple SQL Injections
exploitdb·2005-05-30
Exploit-DB
Qualiteam X-Cart 4.0.8 - 'error_message.php?id' SQL Injection
exploitdb·2005-05-30
Exploit-DB
Qualiteam X-Cart 4.0.8 - 'product.php' Multiple SQL Injections
exploitdb·2005-05-30
Exploit-DB
Qualiteam X-Cart 4.0.8 - 'help.php?section' SQL Injection
exploitdb·2005-05-30
No writeups or analysis indexed.
http://marc.info/?l=bugtraq&m=111748583101076&w=2
http://secunia.com/advisories/15555
http://securitytracker.com/id?1014077
http://www.securityfocus.com/bid/13817
https://exchange.xforce.ibmcloud.com/vulnerabilities/20773
2005-06-01
Published