CVE-2005-3208

Multiple SQL injection vulnerabilities in (1) aeNovo, (2) aeNovoShop and (3) aeNovoWYSI allow remote attackers to execute arbitrary SQL code via (a) the password parameter in control.asp, and (b) the strSQL parameter in search.asp, which can enable XSS attacks in resulting error messages.

Published: Oct 14, 2005
Updated: Apr 13, 2023
CVE: CVE-2005-3208
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
aenovo / aenovoshop	-	-
aenovo / aenovowysi	-	-
aenovo / aenovo	-	-

http://marc.info/?l=bugtraq&m=112872593432359&w=2
http://secunia.com/advisories/17117/
http://www.kapda.ir/advisory-78.html
http://www.osvdb.org/19936
http://www.osvdb.org/19937
http://www.securityfocus.com/bid/15036
http://www.securityfocus.com/bid/15038
https://exchange.xforce.ibmcloud.com/vulnerabilities/22547
https://exchange.xforce.ibmcloud.com/vulnerabilities/22551
https://exchange.xforce.ibmcloud.com/vulnerabilities/22553

Vulnerability Database

289,784

CVE-2005-3208