CGI abuses : SpiderSales Shopping Cart SQL injection

Vulnerability Search		Search 324607 CVE descriptions and 146377 test descriptions, access 10,000+ cross references.
	Tests CVE All

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit.
To run a free test of this vulnerability against your system, register below.

Test ID:	1.3.6.1.4.1.25623.1.0.12088
Category:	CGI abuses
Title:	SpiderSales Shopping Cart SQL injection
Summary:	NOSUMMARY
Description:	Description: The remote host is running the SpiderSales Shopping Cart CGI suite. There is a bug in this suite which may allow an attacker to force it to execute arbitrary SQL statements on the remote host. An attacker may use this flaw to gain the control of the remote website and possibly execute arbitrary commands on the remote host. Solution: Disable this suite or upgrade to the latest version Risk factor: High
Cross-Ref:	BugTraq ID: 9799 Common Vulnerability Exposure (CVE) ID: CVE-2004-0351 http://www.securityfocus.com/bid/9799 Bugtraq: 20040303 Spider Sales shopping cart software multiple security vulnerabilities (Google Search) http://marc.info/?l=bugtraq&m=107833097705486&w=2 http://lists.grok.org.uk/pipermail/full-disclosure/2004-March/018177.html XForce ISS Database: spidersales-weak-encryption(15370) https://exchange.xforce.ibmcloud.com/vulnerabilities/15370 Common Vulnerability Exposure (CVE) ID: CVE-2004-0350 http://www.s-quadra.com/advisories/Adv-20040303.txt Common Vulnerability Exposure (CVE) ID: CVE-2004-0348 XForce ISS Database: spidersales-userid-sql-injection(15371) https://exchange.xforce.ibmcloud.com/vulnerabilities/15371
Copyright	This script is Copyright (C) 2004 Tenable Network Security