Vulnerability Details CVE-2005-1161
Multiple SQL injection vulnerabilities in OneWorldStore allow remote attackers to execute arbitrary SQL commands via the idProduct parameter to (1) owAddItem.asp or (2) owProductDetail.asp, (3) idCategory parameter to owListProduct.asp, or (4) bSpecials parameter to owListProduct.asp.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.038
EPSS Ranking 87.7%
CVSS Severity
CVSS v2 Score 7.5
References
- http://marc.info/?l=bugtraq&m=111352017704126&w=2
- http://secunia.com/advisories/14969
- http://securitytracker.com/id?1013720
- http://www.oneworldstore.com/support_security_issue_updates.asp#April_15_2005_DCrab
- http://www.osvdb.org/15518
- http://www.osvdb.org/15519
- http://www.osvdb.org/15520
- http://www.securityfocus.com/bid/13181
- http://www.securityfocus.com/bid/13182
- http://www.securityfocus.com/bid/13183
- https://exchange.xforce.ibmcloud.com/vulnerabilities/20097
- http://marc.info/?l=bugtraq&m=111352017704126&w=2
- http://secunia.com/advisories/14969
- http://securitytracker.com/id?1013720
- http://www.oneworldstore.com/support_security_issue_updates.asp#April_15_2005_DCrab
- http://www.osvdb.org/15518
- http://www.osvdb.org/15519
- http://www.osvdb.org/15520
- http://www.securityfocus.com/bid/13181
- http://www.securityfocus.com/bid/13182
- http://www.securityfocus.com/bid/13183
- https://exchange.xforce.ibmcloud.com/vulnerabilities/20097
Products affected by CVE-2005-1161
-
cpe:2.3:a:oneworldstore:oneworldstore:*