CVE-2005-3208
published 2005-10-14CVE-2005-3208: Multiple SQL injection vulnerabilities in (1) aeNovo, (2) aeNovoShop and (3) aeNovoWYSI allow remote attackers to execute arbitrary SQL code via (a) the…
PriorityP333medium6.8CVSS 2.0
AVNACMAuNCPIPAP
EXPLOIT
EPSS
2.15%
79.9th percentile
Multiple SQL injection vulnerabilities in (1) aeNovo, (2) aeNovoShop and (3) aeNovoWYSI allow remote attackers to execute arbitrary SQL code via (a) the password parameter in control.asp, and (b) the strSQL parameter in search.asp, which can enable XSS attacks in resulting error messages.
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
Aenovo - '/Password/default.asp?Password' SQL Injection
exploitdb·2005-10-07
CVE-2005-3208 Aenovo - '/Password/default.asp?Password' SQL Injection
Aenovo - '/Password/default.asp?Password' SQL Injection
---
source: https://www.securityfocus.com/bid/15036/info
Aenovo, aeNovoShop and aeNovoWYSI are prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query.
Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
Aenovo Login-Bypass PoC - Kapda `s advisory
Discovery and exploit by farhadkey [at} kapda.ir
Kapda - Security Science Researchers Institute
of Iran
Exploit-DB
Aenovo - '/incs/searchdisplay.asp?strSQL' SQL Injection
exploitdb·2005-10-07
CVE-2005-3208 Aenovo - '/incs/searchdisplay.asp?strSQL' SQL Injection
Aenovo - '/incs/searchdisplay.asp?strSQL' SQL Injection
---
source: https://www.securityfocus.com/bid/15036/info
Aenovo, aeNovoShop and aeNovoWYSI are prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query.
Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
AeNovo :Lists username and password of administrators
http://www.example.com/search.asp?strSQL=[SQL Injection]
No writeups or analysis indexed.
http://marc.info/?l=bugtraq&m=112872593432359&w=2http://secunia.com/advisories/17117/http://www.kapda.ir/advisory-78.htmlhttp://www.osvdb.org/19936http://www.osvdb.org/19937http://www.securityfocus.com/bid/15036http://www.securityfocus.com/bid/15038https://exchange.xforce.ibmcloud.com/vulnerabilities/22547https://exchange.xforce.ibmcloud.com/vulnerabilities/22551https://exchange.xforce.ibmcloud.com/vulnerabilities/22553http://marc.info/?l=bugtraq&m=112872593432359&w=2http://secunia.com/advisories/17117/http://www.kapda.ir/advisory-78.htmlhttp://www.osvdb.org/19936http://www.osvdb.org/19937http://www.securityfocus.com/bid/15036http://www.securityfocus.com/bid/15038https://exchange.xforce.ibmcloud.com/vulnerabilities/22547https://exchange.xforce.ibmcloud.com/vulnerabilities/22551https://exchange.xforce.ibmcloud.com/vulnerabilities/22553
2005-10-14
Published