PT-2005-3119 · Comersus · Comersus
Diabolic Crab
·
Published
2005-07-10
·
Updated
2016-10-18
·
CVE-2005-2190
CVSS v2.0
7.5
High
| Vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions:
Comersus (affected versions not specified)
Description:
The issue concerns SQL injection vulnerabilities in the Comersus shopping cart, allowing remote attackers to execute arbitrary SQL commands. This can be achieved via the
email parameter to "comersus optAffiliateRegistrationExec.asp" or the idProduct parameter to "comersus optReviewReadExec.asp".Recommendations:
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Comersus