Vulnerability Description
Multiple SQL injection vulnerabilities in MidiCart PHP Shopping Cart allow remote attackers to execute arbitrary SQL commands via the (1) searchstring parameter to search_list.php, the (2) maingroup or (3) secondgroup parameters to item_list.php, or (4) code_no parameter to item_show.php.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Midicart Software | Midicart Php Shopping Cart | All versions |
References
- http://marc.info/?l=bugtraq&m=111533057918993&w=2
- http://secunia.com/advisories/15269
- http://www.hackgen.org/advisories/hackgen-2005-004.txt (Exploit, Vendor Advisory)
- http://www.osvdb.org/16175
- http://www.osvdb.org/16176
- http://www.osvdb.org/16177
- http://www.securityfocus.com/bid/13512 (Exploit)
- http://www.securityfocus.com/bid/13513 (Exploit)
- http://www.securityfocus.com/bid/13514 (Exploit)
- http://www.securityfocus.com/bid/13515 (Exploit)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/20428
FAQ
What is CVE-2005-1503?
CVE-2005-1503 is a vulnerability with a CVSS score of 7.5 (HIGH). Multiple SQL injection vulnerabilities in MidiCart PHP Shopping Cart allow remote attackers to execute arbitrary SQL commands via the (1) searchstring parameter to search_list.php, the (2) maingroup o...
How severe is CVE-2005-1503?
CVE-2005-1503 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2005-1503?
Check the references section above for vendor advisories and patch information. Affected products include: Midicart Software Midicart Php Shopping Cart.