CVE

CVE-2004-2108

Date: (C)2004-12-31   (M)2023-12-22

Multiple SQL injection vulnerabilities in QuadComm Q-Shop allow remote attackers to execute arbitrary SQL commands via certain parameters to (1) search.asp, (2) browse.asp, (3) details.asp, (4) showcat.asp, (5) users.asp, (6) addtomylist.asp, (7) modline.asp, (8) cart.asp, or (9) newuser.asp.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 7.5
Exploit Score: 10.0
Impact Score: 6.4
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL

Reference:

SECTRACK-1008837

SECUNIA-10704

http://marc.info/?l=bugtraq&m=107488132208229&w=2

OSVDB-3698

OSVDB-3699

OSVDB-3700

OSVDB-3701

OSVDB-3702

OSVDB-3703

OSVDB-3704

OSVDB-3705

OSVDB-3706

BID-9481

http://www.s-quadra.com/advisories/Adv-20040123.txt

qshop-multiple-sql-injection(14922)