CVE Vulnerabilities

CVE-2004-0300

Published: Nov 23, 2004 | Modified: Jul 11, 2017
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
10 HIGH
AV:N/AC:L/Au:N/C:C/I:C/A:C
RedHat/V2
RedHat/V3
Ubuntu

SQL injection vulnerability in Online Store Kit 3.0 allows remote attackers to inject arbitrary SQL and gain unauthorized access via (1) the cat parameter in shop.php, (2) the id parameter in more.php, (3) the cat_manufacturer parameter in shop_by_brand.php, or (4) the id parameter in listing.php.

Affected Software

Name Vendor Start Version End Version
Store_kit Ecommerce_corporation_online 3.0_standard 3.0_standard
Store_kit Ecommerce_corporation_online 3.0_pro 3.0_pro
Store_kit Ecommerce_corporation_online 3.0_lite 3.0_lite

References