CVE-2005-1161 Information

Description

Multiple SQL injection vulnerabilities in OneWorldStore allow remote attackers to execute arbitrary SQL commands via the idProduct parameter to (1) owAddItem.asp or (2) owProductDetail.asp (3) idCategory parameter to owListProduct.asp or (4) bSpecials parameter to owListProduct.asp.

Reference

http://marc.info/?l=bugtraq&m=111352017704126&w=2 http://secunia.com/advisories/14969 http://securitytracker.com/id?1013720 http://www.oneworldstore.com/support_security_issue_updates.aspApril_15_2005_DCrab http://www.osvdb.org/15518 http://www.osvdb.org/15519 http://www.osvdb.org/15520 http://www.securityfocus.com/bid/13181 http://www.securityfocus.com/bid/13182 http://www.securityfocus.com/bid/13183 https://exchange.xforce.ibmcloud.com/vulnerabilities/20097