Detections
Analytics

CVE-2003-0509

critical

Description

SQL injection vulnerability in Cyberstrong eShop 4.2 and earlier allows remote attackers to steal authentication information and gain privileges via the ProductCode parameter in (1) 10expand.asp, (2) 10browse.asp, and (3) 20review.asp.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/12485

http://www.securityfocus.com/bid/14112

http://www.securityfocus.com/bid/14103

http://www.securityfocus.com/bid/14101

http://www.osvdb.org/10100

http://www.osvdb.org/10099

http://www.osvdb.org/10098

http://securitytracker.com/id?1007092

http://secunia.com/advisories/9165

http://marc.info/?l=bugtraq&m=105709450711395&w=2

Details

Source: Mitre, NVD

Published: 2003-08-07

Updated: 2017-07-11

Risk Information

CVSS v2

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Severity: Critical

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical