CVE

Id
18157  
CVE No.
CVE-2006-2053  
Status
Candidate  
Description
Multiple SQL injection vulnerabilities in QuickEStore 7.9 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the OrderID parameter in (a) shipping.cfm and (b) checkout.cfm, (2) ItemID parameter in (c) proddetail.cfm, (3) SubCatID parameter in (d) index.cfm, the (4) CategoryID parameter in (e) prodpage.cfm, and (5) ProdID parameter in (f) Details.cfm. NOTE: these issues can also be exploited for path disclosure.  
Phase
Assigned (20060426)  
Votes
None (candidate not yet proposed)  
Comments
 

Actions

Related CVE References

Id CVE Id CVE No. Reference Actions
156350 18157 CVE-2006-2053 MISC:http://pridels0.blogspot.com/2006/04/quickestore-79-vuln.html  View
156351 18157 CVE-2006-2053 VUPEN:ADV-2006-1514  View
156352 18157 CVE-2006-2053 URL:http://www.vupen.com/english/advisories/2006/1514  View
156353 18157 CVE-2006-2053 OSVDB:24976  View
156354 18157 CVE-2006-2053 URL:http://www.osvdb.org/24976  View
156355 18157 CVE-2006-2053 OSVDB:24977  View
156356 18157 CVE-2006-2053 URL:http://www.osvdb.org/24977  View
156357 18157 CVE-2006-2053 OSVDB:24978  View
156358 18157 CVE-2006-2053 URL:http://www.osvdb.org/24978  View
156359 18157 CVE-2006-2053 OSVDB:24979  View
156360 18157 CVE-2006-2053 URL:http://www.osvdb.org/24979  View
156361 18157 CVE-2006-2053 OSVDB:24980  View
156362 18157 CVE-2006-2053 URL:http://www.osvdb.org/24980  View
156363 18157 CVE-2006-2053 SECUNIA:19817  View
156364 18157 CVE-2006-2053 URL:http://secunia.com/advisories/19817  View
156365 18157 CVE-2006-2053 XF:quickestore-multiple-sql-injection(26045)  View

Related JVN

Id JVN No. Title Summary CVE No. CVE Id CVSS_v2 CVSS_v3 JVN URL Actions
61507 JVNDB-2006-003773 Microsoft Outlook 2003 におけるコマンドライン引数を変更される脆弱性 Microsoft Outlook 2003 には、引数の挿入により、コマンドライン引数を変更される脆弱性が存在します。 CVE-2006-2055 18157 5 http://jvndb.jvn.jp/ja/contents/2006/JVNDB-2006-003773.html  View