CVE-2005-3914
Published 2005-11-30
Priority: P4 · 33 · medium · 6.4 (CVSS 2.0)
CVSS 2.0 vector: AV:N/AC:L/Au:N/C:P/I:P/A:N
EXPLOIT
EPSS: 1.31% (66.9th percentile)
Multiple SQL injection vulnerabilities in AFFcommerce 1.1.4 allow remote attackers to execute arbitrary SQL commands via (1) the cl parameter to SubCategory.php and the item_id parameter in (2) ItemInfo.php and (3) ItemReview.php.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| affcommerce | affcommerce | — | — |
No detection rules found.
Exploit-DB
AFFCommerce Shopping Cart 1.1.4 - 'ItemReview.php?item_id' SQL Injection
exploitdb·2005-11-23
---
source: https://www.securityfocus.com/bid/15545/info
AFFCommerce Shopping Cart is prone to multiple SQL injection vulnerabilities.
These vulnerabilities could permit remote attackers to pass malicious input to database queries, resulting in modification of query logic or other attacks.
AFFCommerce Shopping Cart 1.1.4 is reportedly affected. It is possible that other versions are vulnerable as well.
http://www.example.com/standalone/ItemReview.php?item_id=[sql]
Exploit-DB
AFFCommerce Shopping Cart 1.1.4 - 'subcategory.php?cl' SQL Injection
exploitdb·2005-11-23
---
source: https://www.securityfocus.com/bid/15545/info
AFFCommerce Shopping Cart is prone to multiple SQL injection vulnerabilities.
These vulnerabilities could permit remote attackers to pass malicious input to database queries, resulting in modification of query logic or other attacks.
AFFCommerce Shopping Cart 1.1.4 is reportedly affected. It is possible that other versions are vulnerable as well.
http://www.example.com/standalone/SubCategory.php?cl=[sql]
Exploit-DB
AFFCommerce Shopping Cart 1.1.4 - 'ItemInfo.php?item_id' SQL Injection
exploitdb·2005-11-23
---
source: https://www.securityfocus.com/bid/15545/info
AFFCommerce Shopping Cart is prone to multiple SQL injection vulnerabilities.
These vulnerabilities could permit remote attackers to pass malicious input to database queries, resulting in modification of query logic or other attacks.
AFFCommerce Shopping Cart 1.1.4 is reportedly affected. It is possible that other versions are vulnerable as well.
http://www.example.com/standalone/ItemInfo.php?item_id=[sql]
No writeups or analysis indexed.
http://pridels0.blogspot.com/2005/11/affcommerce-multiple-sql-inj.html
http://secunia.com/advisories/17690
http://www.osvdb.org/21070
http://www.osvdb.org/21071
http://www.osvdb.org/21072
http://www.securityfocus.com/bid/15545
http://www.vupen.com/english/advisories/2005/2550