CGI abuses : SpiderSales Shopping Cart SQL injection

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.12088

Categoría: CGI abuses

Título: SpiderSales Shopping Cart SQL injection

Resumen: NOSUMMARY

Descripción: Description:

The remote host is running the SpiderSales Shopping Cart CGI suite.

There is a bug in this suite which may allow an attacker
to force it to execute arbitrary SQL statements on the remote
host. An attacker may use this flaw to gain the control of the remote
website and possibly execute arbitrary commands on the remote host.

Solution: Disable this suite or upgrade to the latest version
Risk factor: High

Referencia Cruzada: BugTraq ID: 9799
Common Vulnerability Exposure (CVE) ID: CVE-2004-0351
http://www.securityfocus.com/bid/9799
Bugtraq: 20040303 Spider Sales shopping cart software multiple security vulnerabilities (Google Search)
http://marc.info/?l=bugtraq&m=107833097705486&w=2
http://lists.grok.org.uk/pipermail/full-disclosure/2004-March/018177.html
XForce ISS Database: spidersales-weak-encryption(15370)
https://exchange.xforce.ibmcloud.com/vulnerabilities/15370
Common Vulnerability Exposure (CVE) ID: CVE-2004-0350
http://www.s-quadra.com/advisories/Adv-20040303.txt
Common Vulnerability Exposure (CVE) ID: CVE-2004-0348
XForce ISS Database: spidersales-userid-sql-injection(15371)
https://exchange.xforce.ibmcloud.com/vulnerabilities/15371

Copyright This script is Copyright (C) 2004 Tenable Network Security

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.12088
Categoría:	CGI abuses
Título:	SpiderSales Shopping Cart SQL injection
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is running the SpiderSales Shopping Cart CGI suite. There is a bug in this suite which may allow an attacker to force it to execute arbitrary SQL statements on the remote host. An attacker may use this flaw to gain the control of the remote website and possibly execute arbitrary commands on the remote host. Solution: Disable this suite or upgrade to the latest version Risk factor: High
Referencia Cruzada:	BugTraq ID: 9799 Common Vulnerability Exposure (CVE) ID: CVE-2004-0351 http://www.securityfocus.com/bid/9799 Bugtraq: 20040303 Spider Sales shopping cart software multiple security vulnerabilities (Google Search) http://marc.info/?l=bugtraq&m=107833097705486&w=2 http://lists.grok.org.uk/pipermail/full-disclosure/2004-March/018177.html XForce ISS Database: spidersales-weak-encryption(15370) https://exchange.xforce.ibmcloud.com/vulnerabilities/15370 Common Vulnerability Exposure (CVE) ID: CVE-2004-0350 http://www.s-quadra.com/advisories/Adv-20040303.txt Common Vulnerability Exposure (CVE) ID: CVE-2004-0348 XForce ISS Database: spidersales-userid-sql-injection(15371) https://exchange.xforce.ibmcloud.com/vulnerabilities/15371
Copyright	This script is Copyright (C) 2004 Tenable Network Security