CVE-2003-0509 Information

Description

SQL injection vulnerability in Cyberstrong eShop 4.2 and earlier allows remote attackers to steal authentication information and gain privileges via the ProductCode parameter in (1) 10expand.asp (2) 10browse.asp and (3) 20review.asp.

Reference

http://marc.info/?l=bugtraq&m=105709450711395&w=2 http://secunia.com/advisories/9165 http://securitytracker.com/id?1007092 http://www.osvdb.org/10098 http://www.osvdb.org/10099 http://www.osvdb.org/10100 http://www.securityfocus.com/bid/14101 http://www.securityfocus.com/bid/14103 http://www.securityfocus.com/bid/14112 https://exchange.xforce.ibmcloud.com/vulnerabilities/12485