CVE-2005-4429
Published 2005-12-21
Priority P3 39 · high · 7.5 CVSS 2.0
AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 1.16% (63.3th percentile)
SQL injection vulnerability in CS-Cart 1.3.0 allows remote attackers to execute arbitrary SQL commands via the (1) sort_by and (2) sort_order parameters to index.php.
Affected
11 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cs-cart | cs-cart | <= 2.0.5 | — |
| cs-cart | cs-cart | — | — |
| cs-cart | cs-cart | — | — |
| cs-cart | cs-cart | — | — |
| cs-cart | cs-cart | — | — |
| cs-cart | cs-cart | — | — |
| cs-cart | cs-cart | — | — |
| cs-cart | cs-cart | — | — |
| cs-cart | cs-cart | — | — |
| cs-cart | cs-cart | — | — |
| cs-cart | cs-cart | — | — |
GHSA
GHSA-25q8-wqrc-rrrr: SQL injection vulnerability in reward_points
ghsa_unreviewed·2022-05-02·CVSS 7.5
CVE-2009-2579 [HIGH] CWE-89 GHSA-25q8-wqrc-rrrr: SQL injection vulnerability in reward_points
SQL injection vulnerability in reward_points.post.php in the Reward points addon in CS-Cart before 2.0.6 allows remote authenticated users to execute arbitrary SQL commands via the sort_order parameter in a reward_points.userlog action to index.php, a different vulnerability than CVE-2005-4429.2.
GHSA
GHSA-mh48-h49v-5m4j: SQL injection vulnerability in CS-Cart 1
ghsa_unreviewed·2022-05-01
CVE-2005-4429 [HIGH] GHSA-mh48-h49v-5m4j: SQL injection vulnerability in CS-Cart 1
SQL injection vulnerability in CS-Cart 1.3.0 allows remote attackers to execute arbitrary SQL commands via the (1) sort_by and (2) sort_order parameters to index.php.
No detection rules found.
No writeups or analysis indexed.
http://attrition.org/pipermail/vim/2006-January/000450.html
http://pridels0.blogspot.com/2005/11/cs-cart-sql-inj-vuln.html
http://www.osvdb.org/21370
http://www.securityfocus.com/bid/16134