Lucene search

[email protected]CVE-2004-1881

HistoryMay 10, 2005 - 4:00 a.m.

CVE-2004-1881

2005-05-1004:00:00

[email protected]

web.nvd.nist.gov

cve-2004-1881

sql injection

cactushop 5.x

security vulnerability

nvd

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.4 High

AI Score

Confidence

Low

0.011 Low

EPSS

Percentile

84.4%

JSON

SQL injection vulnerability in (1) mailorder.asp or (2) payonline.asp in CactuShop 5.x allows remote attackers to execute arbitrary SQL commands via the strItems parameter.

Affected configurations

NVD

Node

cactusoftcactushopMatch5.0

cactusoftcactushopMatch5.1

CPENameOperatorVersion
cactusoft:cactushopcactusoft cactushopeq5.0
cactusoft:cactushopcactusoft cactushopeq5.1

CPE	Name	Operator	Version
cactusoft:cactushop	cactusoft cactushop	eq	5.0
cactusoft:cactushop	cactusoft cactushop	eq	5.1

References

marc.info/?l=bugtraq&m=108075059013762&w=2

secunia.com/advisories/11272

securitytracker.com/id?1009601

www.osvdb.org/4785

www.osvdb.org/4786

www.s-quadra.com/advisories/Adv-20040331.txt

www.securityfocus.com/bid/10019

exchange.xforce.ibmcloud.com/vulnerabilities/15686

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.4 High

AI Score

Confidence

Low

0.011 Low

EPSS

Percentile

84.4%

JSON

Related for CVE-2004-1881

cvelist1 nvd1 openvas2 nessus1