EarlyImpact ProductCart多个漏洞

漏洞信息详情

EarlyImpact ProductCart多个漏洞

• CNNVD编号：CNNVD-200412-688
• 危害等级： 高危
  
  
• CVE编号：
  CVE-2004-2173
  
• 漏洞类型：
  
  
  SQL注入
  
• 发布时间：
  
  2004-12-31
  
• 威胁类型：
  
  
  远程
  
• 更新时间：
  
  2006-09-25
  
• 厂        商：
  
  early_impact
• 漏洞来源：
  Discovery is credi…

EarlyImpact ProductCart中的advSearch_h.asp存在SQL注入漏洞。远程攻击者可以借助priceUntil参数执行任意SQL命令。

An upgrade is available that is not vulnerable to this issue.
The vendor has released a security update to deal with this issue.

EarlyImpact ProductCart 2.5

• EarlyImpact ProductCart_Security_Update_013004.zip
  
  http://www.earlyimpact.com/productcart/support/updates/ProductCart_Sec
  urity_Update_013004.zip

来源: BID
名称: 9669
链接:http://www.securityfocus.com/bid/9669

来源: XF
名称: productcart-advsearchhasp-sql-injection(15233)
链接:http://xforce.iss.net/xforce/xfdb/15233

来源: BUGTRAQ
名称: 20040216 EarlyImpact ProductCart shopping cart software multiple security vulnerabilities
链接:http://www.securityfocus.com/archive/1/354288

来源: www.s-quadra.com
链接:http://www.s-quadra.com/advisories/Adv-20040216.txt

来源: OSVDB
名称: 3981
链接:http://www.osvdb.org/3981

来源: www.earlyimpact.com
链接:http://www.earlyimpact.com/productcart/support/updates/ReadMe_ProductCart_Security_Patch_013004.txt

来源: SECTRACK
名称: 1009085
链接:http://securitytracker.com/alerts/2004/Feb/1009085.html

来源: SECUNIA
名称: 10898
链接:http://secunia.com/advisories/10898

来源: FULLDISC
名称: 20040216 EarlyImpact ProductCart shopping cart software multiple security vulnerabilities
链接:http://archives.neohapsis.com/archives/fulldisclosure/2004-02/0871.html

来源: BUGTRAQ
名称: 20040218 Re: EarlyImpact ProductCart shopping cart software multiple security vulnerabilities
链接:http://archives.neohapsis.com/archives/bugtraq/2004-02/0503.html