Vulnerability Description
Multiple SQL injection vulnerabilities in e-Quick Cart allow remote attackers to execute arbitrary SQL commands via the (1) productid parameter in shopaddtocart.asp, (2) strpemail parameter in shopprojectlogin.asp, and (3) id parameter in shoptellafriend.asp.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Coastal Data Management | E-Quick Cart | All versions |
References
- http://secunia.com/advisories/17652 (Vendor Advisory)
- http://securitytracker.com/id?1015244 (Exploit, Vendor Advisory)
- http://www.osvdb.org/20997
- http://www.osvdb.org/20998
- http://www.osvdb.org/20999
- http://www.securityfocus.com/bid/15510
- http://www.vupen.com/english/advisories/2005/2506
FAQ
What is CVE-2005-3735?
CVE-2005-3735 is a vulnerability with a CVSS score of 7.5 (HIGH). Multiple SQL injection vulnerabilities in e-Quick Cart allow remote attackers to execute arbitrary SQL commands via the (1) productid parameter in shopaddtocart.asp, (2) strpemail parameter in shoppro...
How severe is CVE-2005-3735?
CVE-2005-3735 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2005-3735?
Check the references section above for vendor advisories and patch information. Affected products include: Coastal Data Management E-Quick Cart.