CVE-2003-1268

Current Description

Multiple SQL injection vulnerabilities in (1) addcustomer.asp, (2) addprod.asp, and (3) process.asp in a.shopKart 2.0.3 allow remote attackers to execute arbitrary SQL and obtain sensitive information via the zip, state, country, phone, and fax parameters.

Basic Data

Published: December 31, 2003
Last Modified: September 05, 2008
Assigner: cve@mitre.org
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: NVD-CWE-Other
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS 2 - Access Vector: NETWORK
CVSS 2 - Access Complexity: LOW
CVSS 2 - Authentication: NONE
CVSS 2 - Confidentiality Impact: PARTIAL
CVSS 2 - Availability Impact: PARTIAL
CVSS 2 - Base Score: 7.5
Severity: HIGH
Exploitability Score: 10.0
Impact Score: 6.4
Obtain All Privilege: false
Obtain User Privilege: false
Obtain Other Privilege: true

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
    Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding
    2.3 | Application | Urlogy | A.shop.kart | 2.0.3 | * | * | * | * | * | * | * | | | |

Vulnerable Software List

Vendor | Product | Versions
Urlogy | A.shop.kart | 2.0.3

References

Name | Source | URL | Tags
7838 | SECUNIA | http://secunia.com/advisories/7838 |
http://www.centaura.com.ar/infosec/adv/ashopkart.txt | MISC | http://www.centaura.com.ar/infosec/adv/ashopkart.txt |
ashopkart-multiple-sql-injection(11029) | XF | http://www.iss.net/security_center/static/11029.php |
37036 | OSVDB | http://www.osvdb.org/37036 |
37037 | OSVDB | http://www.osvdb.org/37037 |
37038 | OSVDB | http://www.osvdb.org/37038 |
20030108 a.shopKart Shopping Cart remote vulnerabilities | BUGTRAQ | http://www.securityfocus.com/archive/1/305685 | Vendor Advisory
6558 | BID | http://www.securityfocus.com/bid/6558 |
1005903 | SECTRACK | http://www.securitytracker.com/id?1005903 |