CVE-2005-1503 - Vulnerability Details - OpenCVE

Multiple SQL injection vulnerabilities in MidiCart PHP Shopping Cart allow remote attackers to execute arbitrary SQL commands via the (1) searchstring parameter to search_list.php, the (2) maingroup or (3) secondgroup parameters to item_list.php, or (4) code_no parameter to item_show.php.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Midicart Software	Midicart Php Shopping Cart

Configuration 1 [-]

cpe:2.3:a:midicart_software:midicart_php_shopping_cart:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://marc.info/?l=bugtraq&m=111533057918993&w=2
http://secunia.com/advisories/15269
http://www.hackgen.org/advisories/hackgen-2005-004.txt
http://www.osvdb.org/16175
http://www.osvdb.org/16176
http://www.osvdb.org/16177
http://www.securityfocus.com/bid/13512
http://www.securityfocus.com/bid/13513
http://www.securityfocus.com/bid/13514
http://www.securityfocus.com/bid/13515
https://exchange.xforce.ibmcloud.com/vulnerabilities/20428

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2005-05-11T04:00:00

Updated: 2024-08-07T21:51:50.387Z

Reserved: 2005-05-11T00:00:00

Link: CVE-2005-1503

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2005-05-11T04:00:00.000

Modified: 2025-04-03T01:03:51.193

Link: CVE-2005-1503

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2005-05-05T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple SQL injection vulnerabilities in MidiCart PHP Shopping Cart allow remote attackers to execute arbitrary SQL commands via the (1) searchstring parameter to search_list.php, the (2) maingroup or (3) secondgroup parameters to item_list.php, or (4) code_no parameter to item_show.php."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-10T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "16176", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/16176"}, {"name": "13512", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/13512"}, {"tags": ["x_refsource_MISC"], "url": "http://www.hackgen.org/advisories/hackgen-2005-004.txt"}, {"name": "13514", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/13514"}, {"name": "13515", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/13515"}, {"name": "16177", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/16177"}, {"name": "15269", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/15269"}, {"name": "13513", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/13513"}, {"name": "midicart-sql-injection(20428)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20428"}, {"name": "20050505 [hackgen-2005-#004] - Multiple bugs in MidiCart PHP Shopping Cart", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://marc.info/?l=bugtraq&m=111533057918993&w=2"}, {"name": "16175", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/16175"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-1503", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple SQL injection vulnerabilities in MidiCart PHP Shopping Cart allow remote attackers to execute arbitrary SQL commands via the (1) searchstring parameter to search_list.php, the (2) maingroup or (3) secondgroup parameters to item_list.php, or (4) code_no parameter to item_show.php."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "16176", "refsource": "OSVDB", "url": "http://www.osvdb.org/16176"}, {"name": "13512", "refsource": "BID", "url": "http://www.securityfocus.com/bid/13512"}, {"name": "http://www.hackgen.org/advisories/hackgen-2005-004.txt", "refsource": "MISC", "url": "http://www.hackgen.org/advisories/hackgen-2005-004.txt"}, {"name": "13514", "refsource": "BID", "url": "http://www.securityfocus.com/bid/13514"}, {"name": "13515", "refsource": "BID", "url": "http://www.securityfocus.com/bid/13515"}, {"name": "16177", "refsource": "OSVDB", "url": "http://www.osvdb.org/16177"}, {"name": "15269", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/15269"}, {"name": "13513", "refsource": "BID", "url": "http://www.securityfocus.com/bid/13513"}, {"name": "midicart-sql-injection(20428)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20428"}, {"name": "20050505 [hackgen-2005-#004] - Multiple bugs in MidiCart PHP Shopping Cart", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq&m=111533057918993&w=2"}, {"name": "16175", "refsource": "OSVDB", "url": "http://www.osvdb.org/16175"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T21:51:50.387Z"}, "title": "CVE Program Container", "references": [{"name": "16176", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/16176"}, {"name": "13512", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/13512"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.hackgen.org/advisories/hackgen-2005-004.txt"}, {"name": "13514", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/13514"}, {"name": "13515", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/13515"}, {"name": "16177", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/16177"}, {"name": "15269", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/15269"}, {"name": "13513", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/13513"}, {"name": "midicart-sql-injection(20428)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20428"}, {"name": "20050505 [hackgen-2005-#004] - Multiple bugs in MidiCart PHP Shopping Cart", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=111533057918993&w=2"}, {"name": "16175", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/16175"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-1503", "datePublished": "2005-05-11T04:00:00", "dateReserved": "2005-05-11T00:00:00", "dateUpdated": "2024-08-07T21:51:50.387Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:midicart_software:midicart_php_shopping_cart:*:*:*:*:*:*:*:*", "matchCriteriaId": "2E0F7EBA-EE49-40F0-83CC-887CC45E9270", "vulnerable": false}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Multiple SQL injection vulnerabilities in MidiCart PHP Shopping Cart allow remote attackers to execute arbitrary SQL commands via the (1) searchstring parameter to search_list.php, the (2) maingroup or (3) secondgroup parameters to item_list.php, or (4) code_no parameter to item_show.php."}], "id": "CVE-2005-1503", "lastModified": "2025-04-03T01:03:51.193", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2005-05-11T04:00:00.000", "references": [{"source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq&m=111533057918993&w=2"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/15269"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Vendor Advisory"], "url": "http://www.hackgen.org/advisories/hackgen-2005-004.txt"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/16175"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/16176"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/16177"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.securityfocus.com/bid/13512"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.securityfocus.com/bid/13513"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.securityfocus.com/bid/13514"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.securityfocus.com/bid/13515"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20428"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq&m=111533057918993&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/15269"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Vendor Advisory"], "url": "http://www.hackgen.org/advisories/hackgen-2005-004.txt"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/16175"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/16176"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/16177"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://www.securityfocus.com/bid/13512"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://www.securityfocus.com/bid/13513"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://www.securityfocus.com/bid/13514"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://www.securityfocus.com/bid/13515"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20428"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}