PT-2005-3150 · Dragonfly · Dragonfly Commerce

Diabolic Crab · Published 2005-07-12 · Updated 2024-08-07 · CVE-2005-2221

CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions: Dragonfly Commerce versions (affected versions not specified)
Description: The issue allows remote attackers to modify SQL statements and possibly execute arbitrary SQL commands via several request parameters: the key parameter to dc_categoriesview.asp, the PID parameter to ratings.asp, and the start, key_mp, searchtype, or psearch parameters to dc_forum_postslist.asp. The vendor has disputed this issue, stating that the error messages arise from invalid category and product numbers. However, the issue still satisfies the definition of exposure: a database error triggered by an unexpected parameter value shows that the value reached the SQL engine unvalidated.
Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability. The general mitigation for this class of issue is to validate numeric identifiers (such as key and PID) before use and to pass all request parameters to the database through bound query parameters rather than string concatenation.
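The following is an added illustration, not code from Dragonfly Commerce or from this advisory's author. It uses a constructed in-memory SQLite table (a stand-in for a category lookup, not the product's schema) to show the two behaviours the description and the vendor's response both refer to: a numeric identifier spliced into the SQL text changes the query's shape when the value is not a plain number (and, as the vendor observed, produces a database error for garbage input), while a validated, bound parameter never does. The function names are hypothetical.

```python
import re
import sqlite3

# Constructed sample data: three categories in an in-memory database.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE categories (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany(
        "INSERT INTO categories VALUES (?, ?)",
        [(1, "books"), (2, "music"), (3, "toys")],
    )
    return conn


def lookup_unsafe(conn, key):
    # Vulnerable pattern: the request parameter becomes part of the SQL text,
    # so anything other than a bare integer is parsed as SQL.
    sql = "SELECT id, name FROM categories WHERE id = " + key
    return conn.execute(sql).fetchall()


def unsafe_error_text(conn, key):
    # Shows what a non-numeric value does to the concatenated query: the
    # database, not the application, reports the failure. Such an error
    # message is the symptom an advisory like this one is built on.
    try:
        lookup_unsafe(conn, key)
        return ""
    except sqlite3.Error as exc:
        return str(exc)


def is_valid_key(key):
    # A category id is a short run of decimal digits and nothing else.
    return re.fullmatch(r"\d{1,9}", key) is not None


def lookup_safe(conn, key):
    # Hardened pattern: validate the shape first, then bind the value as a
    # query parameter so the driver never treats it as SQL.
    if not is_valid_key(key):
        raise ValueError("key must be a positive integer")
    return conn.execute(
        "SELECT id, name FROM categories WHERE id = ?", (int(key),)
    ).fetchall()


if __name__ == "__main__":
    db = make_db()
    print(lookup_unsafe(db, "2"))          # one row, as intended
    print(len(lookup_unsafe(db, "0 OR 1=1")))  # every row: the query changed shape
    print(unsafe_error_text(db, "abc"))    # database error for a bad id
    print(lookup_safe(db, "2"))            # one row
    print(is_valid_key("0 OR 1=1"))        # False: rejected before any SQL runs
```

The point of the paired functions is that the vendor's explanation and the reporter's finding describe the same defect from two sides: an error for an invalid category number only occurs because the number is not checked before it is handed to the database, and the same code path accepts input that is not a number at all.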

Related Identifiers

CVE-2005-2221

Affected Products

Dragonfly Commerce