CVE-2004-0300

SQL injection vulnerability in Online Store Kit 3.0 allows remote attackers to inject arbitrary SQL and gain unauthorized access via (1) the cat parameter in shop.php, (2) the id parameter in more.php, (3) the cat_manufacturer parameter in shop_by_brand.php, or (4) the id parameter in listing.php.

Published: Nov 23, 2004
Updated: Apr 13, 2023
CVE: CVE-2004-0300
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 10
AV:N/AC:L/Au:N/C:C/I:C/A:C

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
ecommerce_corporation_online / store_kit	3.0_standard	3.0_standard.x
ecommerce_corporation_online / store_kit	3.0_pro	3.0_pro.x
ecommerce_corporation_online / store_kit	3.0_lite	3.0_lite.x

http://marc.info/?l=bugtraq&m=107712117913185&w=2
http://secunia.com/advisories/10902/
http://securitytracker.com/alerts/2004/Feb/1009092.html
http://www.osvdb.org/3973
http://www.securityfocus.com/bid/9676
http://www.securityfocus.com/bid/9687
http://www.systemsecure.org/advisories/ssadvisory16022004.php
http://www.zone-h.org/en/advisories/read/id=3972/
https://exchange.xforce.ibmcloud.com/vulnerabilities/15232

Vulnerability Database

290,922

CVE-2004-0300