QuadComm Q-Shop SQL Injection Vulnerabilities
BID:9481
Info
QuadComm Q-Shop SQL Injection Vulnerabilities
| Bugtraq ID: | 9481 |
| Class: | Input Validation Error |
| CVE: |
CVE-2004-2108 |
| Remote: | Yes |
| Local: | No |
| Published: | Jan 23 2004 12:00AM |
| Updated: | Jul 12 2009 02:06AM |
| Credit: | Discovery of this issue is credited to Nick Gudov <[email protected]>. |
| Vulnerable: |
QuadComm Q-Shop 2.5 beta QuadComm Q-Shop 2.5 QuadComm Q-Shop 2.1 QuadComm Q-Shop 2.0 |
| Not Vulnerable: | |
Discussion
QuadComm Q-Shop SQL Injection Vulnerabilities
It has been reported that Quadcomm's Q-Shop is vulnerable to multiple SQL injection vulnerabilities. This issue is caused by the failure of the application to properly validate user input, which will included in database queries. This could allow for compromise of the software, information disclosure or other attacks.
It has been reported that Quadcomm's Q-Shop is vulnerable to multiple SQL injection vulnerabilities. This issue is caused by the failure of the application to properly validate user input, which will included in database queries. This could allow for compromise of the software, information disclosure or other attacks.
Exploit / POC
QuadComm Q-Shop SQL Injection Vulnerabilities
There is no exploit required.
There is no exploit required.
Solution / Fix
QuadComm Q-Shop SQL Injection Vulnerabilities
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
References
QuadComm Q-Shop SQL Injection Vulnerabilities
References:
References:
- Q-Shop ASP Shopping Cart Software (QuadComm)
- QuadComm Q-Shop ASP Shopping Cart Software multiple security vulnerabilities (S-Quadra Security Research
)