CVE-2005-4243
published 2005-12-15
Priority: P340 | Severity: high | CVSS 2.0 score: 7.5
CVSS 2.0 vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 4.65% (90.6th percentile)
Multiple SQL injection vulnerabilities in QuickPayPro 3.1 allow remote attackers to execute arbitrary SQL commands via the (1) popupid parameter in popups.edit.php; (2) so, (3) sb, and (4) nr parameters in customer.tickets.view.php; (5) subtrackingid parameter in subscribers.tracking.edit.php; (6) delete parameter in design.php; (7) trackingid parameter in tracking.details.php; and (8) customerid parameter in sales.view.php.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| quickpaypro | quickpaypro | — | — |
No detection rules found.
Exploit-DB
QuickPayPro 3.1 - 'popups.edit.php?popupid' SQL Injection
exploitdb·2005-12-14
---
source: https://www.securityfocus.com/bid/15863/info
QuickPayPro is prone to multiple input validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input.
Successful exploitation of these vulnerabilities could result in a compromise of the application, disclosure or modification of data, or the theft of cookie-based authentication credentials. They may also permit an attacker to exploit vulnerabilities in the underlying database implementation, as well as other attacks.
http://www.example.com/communication/popups.edit.php?popupid=[SQL]
Exploit-DB
QuickPayPro 3.1 - 'tracking.details.php?trackingid' SQL Injection
exploitdb·2005-12-14
---
source: https://www.securityfocus.com/bid/15863/info
http://www.example.com/tools/tracking.details.php?trackingid=1[SQL]
Exploit-DB
QuickPayPro 3.1 - 'design.php?delete' SQL Injection
exploitdb·2005-12-14
---
source: https://www.securityfocus.com/bid/15863/info
http://www.example.com/settings/design.php?delete=[SQL]
Exploit-DB
QuickPayPro 3.1 - 'sales.view.php?customerid' SQL Injection
exploitdb·2005-12-14
---
source: https://www.securityfocus.com/bid/15863/info
http://www.example.com/mycompany/sales.view.php?customerid=1[SQL]
Exploit-DB
QuickPayPro 3.1 - 'customer.tickets.view.php' Multiple SQL Injections
exploitdb·2005-12-14
---
source: https://www.securityfocus.com/bid/15863/info
http://www.example.com/communication/customer.tickets.view.php?so=[SQL]
http://www.example.com/communication/customer.tickets.view.php?so=ASC&sb=[SQL]
http://www.example.com/communication/cu
Exploit-DB
QuickPayPro 3.1 - 'subscribers.tracking.edit.php?subtrackingid' SQL Injection
exploitdb·2005-12-14
---
source: https://www.securityfocus.com/bid/15863/info
http://www.example.com/communication/subscribers.tracking.edit.php?subtrackingid=[SQL]
No writeups or analysis indexed.
http://pridels0.blogspot.com/2005/12/quickpaypro-31-multiple-vuln.html
http://secunia.com/advisories/17981
http://www.osvdb.org/21676
http://www.osvdb.org/21677
http://www.osvdb.org/21678
http://www.osvdb.org/21679
http://www.osvdb.org/21680
http://www.osvdb.org/21681
http://www.securityfocus.com/bid/15863
http://www.vupen.com/english/advisories/2005/2875
Published: 2005-12-15