FKIE_CVE-2003-0509

Vulnerability from fkie_nvd - Published: 2003-08-07 04:00 - Updated: 2025-04-03 01:03
Severity ?
Summary
SQL injection vulnerability in Cyberstrong eShop 4.2 and earlier allows remote attackers to steal authentication information and gain privileges via the ProductCode parameter in (1) 10expand.asp, (2) 10browse.asp, and (3) 20review.asp.
References
cve@mitre.orghttp://marc.info/?l=bugtraq&m=105709450711395&w=2
cve@mitre.orghttp://secunia.com/advisories/9165
cve@mitre.orghttp://securitytracker.com/id?1007092
cve@mitre.orghttp://www.osvdb.org/10098
cve@mitre.orghttp://www.osvdb.org/10099
cve@mitre.orghttp://www.osvdb.org/10100
cve@mitre.orghttp://www.securityfocus.com/bid/14101
cve@mitre.orghttp://www.securityfocus.com/bid/14103
cve@mitre.orghttp://www.securityfocus.com/bid/14112
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/12485
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=bugtraq&m=105709450711395&w=2
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/9165
af854a3a-2127-422b-91ae-364da2661108http://securitytracker.com/id?1007092
af854a3a-2127-422b-91ae-364da2661108http://www.osvdb.org/10098
af854a3a-2127-422b-91ae-364da2661108http://www.osvdb.org/10099
af854a3a-2127-422b-91ae-364da2661108http://www.osvdb.org/10100
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/14101
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/14103
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/14112
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/12485
Impacted products
Vendor Product Version
cyberstrong eshop *
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cyberstrong:eshop:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D9F816B-410A-4418-947E-364403E9A186",
              "versionEndIncluding": "4.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "SQL injection vulnerability in Cyberstrong eShop 4.2 and earlier allows remote attackers to steal authentication information and gain privileges via the ProductCode parameter in (1) 10expand.asp, (2) 10browse.asp, and (3) 20review.asp."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de inyecci\u00f3n de SQL en Cyberstrong eShop 4.2 y anteriores permite a atacantes remotos robar informaci\u00f3n de autenticaci\u00f3n y ganar privilegios mediante el par\u00e1metro ProductCode en  (1) 10expand.asp, (2) 10browse.asp, y (3) 20review.asp."
    }
  ],
  "id": "CVE-2003-0509",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2003-08-07T04:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=bugtraq\u0026m=105709450711395\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/9165"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securitytracker.com/id?1007092"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/10098"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/10099"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/10100"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/14101"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/14103"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/14112"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/12485"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=105709450711395\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/9165"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1007092"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/10098"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/10099"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/10100"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/14101"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/14103"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/14112"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/12485"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.