CVE-2006-2053 Information
Description
Multiple SQL injection vulnerabilities in QuickEStore 7.9 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the OrderID parameter in (a) shipping.cfm and (b) checkout.cfm, (2) the ItemID parameter in (c) proddetail.cfm, (3) the SubCatID parameter in (d) index.cfm, (4) the CategoryID parameter in (e) prodpage.cfm, and (5) the ProdID parameter in (f) Details.cfm. NOTE: these issues can also be exploited for path disclosure.
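The pattern behind this class of bug, shown as an added illustration rather than QuickEStore's actual code: a ColdFusion page that interpolates a numeric URL parameter directly into a query, beside the parameterized form that fixes it. The table and column names, the datasource variable and the page name are assumptions for the example.

```cfml
<!--- Vulnerable pattern (illustrative, not QuickEStore's own source).
      URL.OrderID is pasted into the SQL text in an unquoted numeric position,
      so a non-numeric value changes the statement itself. When the resulting
      query fails, the default ColdFusion error page can echo the server-side
      file path, which is the path-disclosure side effect noted above. --->
<cfquery name="getOrder" datasource="#application.dsn#">
    SELECT OrderID, ShipName, ShipAddress
    FROM Orders
    WHERE OrderID = #URL.OrderID#
</cfquery>

<!--- Hardened form. cfqueryparam sends the value as a typed bind parameter
      instead of SQL text; with cfsqltype="cf_sql_integer" anything that is
      not an integer is rejected before the query reaches the database, so it
      can neither alter the statement nor trigger a path-revealing error. --->
<cfparam name="URL.OrderID" type="integer">
<cfquery name="getOrder" datasource="#application.dsn#">
    SELECT OrderID, ShipName, ShipAddress
    FROM Orders
    WHERE OrderID = <cfqueryparam value="#URL.OrderID#" cfsqltype="cf_sql_integer">
</cfquery>
```

The same change applies to each of the other ID parameters listed in the description; disabling "robust exception information" in the ColdFusion administrator additionally keeps file paths out of any error page that does occur.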
Reference
http://pridels0.blogspot.com/2006/04/quickestore-79-vuln.html
http://secunia.com/advisories/19817
http://www.osvdb.org/24976
http://www.osvdb.org/24977
http://www.osvdb.org/24978
http://www.osvdb.org/24979
http://www.osvdb.org/24980
http://www.vupen.com/english/advisories/2006/1514
https://exchange.xforce.ibmcloud.com/vulnerabilities/26045