Vulnerability Details CVE-2005-3735
Multiple SQL injection vulnerabilities in e-Quick Cart allow remote attackers to execute arbitrary SQL commands via the (1) productid parameter in shopaddtocart.asp, (2) strpemail parameter in shopprojectlogin.asp, and (3) id parameter in shoptellafriend.asp.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.01
EPSS Ranking 75.6%
CVSS Severity
CVSS v2 Score 7.5
References
- http://secunia.com/advisories/17652
- http://securitytracker.com/id?1015244
- http://www.osvdb.org/20997
- http://www.osvdb.org/20998
- http://www.osvdb.org/20999
- http://www.securityfocus.com/bid/15510
- http://www.vupen.com/english/advisories/2005/2506
- http://secunia.com/advisories/17652
- http://securitytracker.com/id?1015244
- http://www.osvdb.org/20997
- http://www.osvdb.org/20998
- http://www.osvdb.org/20999
- http://www.securityfocus.com/bid/15510
- http://www.vupen.com/english/advisories/2005/2506
Products affected by CVE-2005-3735
-
cpe:2.3:a:coastal_data_management:e-quick_cart:*