Vulnerability Details CVE-2003-0509
SQL injection vulnerability in Cyberstrong eShop 4.2 and earlier allows remote attackers to steal authentication information and gain privileges via the ProductCode parameter in (1) 10expand.asp, (2) 10browse.asp, and (3) 20review.asp.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.059
EPSS Ranking 92.2%
CVSS Severity
CVSS v2 Score 10.0
References
- http://marc.info/?l=bugtraq&m=105709450711395&w=2
- http://secunia.com/advisories/9165
- http://securitytracker.com/id?1007092
- http://www.osvdb.org/10098
- http://www.osvdb.org/10099
- http://www.osvdb.org/10100
- http://www.securityfocus.com/bid/14101
- http://www.securityfocus.com/bid/14103
- http://www.securityfocus.com/bid/14112
- https://exchange.xforce.ibmcloud.com/vulnerabilities/12485
- http://marc.info/?l=bugtraq&m=105709450711395&w=2
- http://secunia.com/advisories/9165
- http://securitytracker.com/id?1007092
- http://www.osvdb.org/10098
- http://www.osvdb.org/10099
- http://www.osvdb.org/10100
- http://www.securityfocus.com/bid/14101
- http://www.securityfocus.com/bid/14103
- http://www.securityfocus.com/bid/14112
- https://exchange.xforce.ibmcloud.com/vulnerabilities/12485
Products affected by CVE-2003-0509
-
cpe:2.3:a:cyberstrong:eshop:*