NVD

Id
68870  
Name
CVE-2005-3208  
Description
Multiple SQL injection vulnerabilities in (1) aeNovo, (2) aeNovoShop and (3) aeNovoWYSI allow remote attackers to execute arbitrary SQL code via (a) the password parameter in control.asp, and (b) the strSQL parameter in search.asp, which can enable XSS attacks in resulting error messages.  
Reject
 
CVSS Version
2  
CVSS Score
6.8  
Severity
Medium  
CVSS Base Score
6.8  
CVSS Impact Subscore
6.4  
CVSS Exploit Subscore
8.6  
CVSS Vector
(AV:N/AC:M/Au:N/C:P/I:P/A:P)  
Pub Date
2017-07-18  
Published
2005-10-14  
Modified Date
2017-07-10  
Seq
2005-3208  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
355958 68870 CVE-2005-3208 20051007 Aenovo Multiple Vulnerabilities  View
355959 68870 CVE-2005-3208 http://www.kapda.ir/advisory-78.html  View
355960 68870 CVE-2005-3208 15036  View
355961 68870 CVE-2005-3208 15038  View
355962 68870 CVE-2005-3208 aenovo-password-sql-injection(22547)  View
355963 68870 CVE-2005-3208 aenovo-strsql-sql-injection(22551)  View
355964 68870 CVE-2005-3208 aenovo-xss(22553)  View

Related JVN