CVE-2006-4852 - Vulnerability Details - OpenCVE

SQL injection vulnerability in browse.asp in QuadComm Q-Shop 3.5 allows remote attackers to execute arbitrary SQL commands via the OrderBy parameter.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Quadcomm	Q-shop

Configuration 1 [-]

cpe:2.3:a:quadcomm:q-shop:3.5:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://secunia.com/advisories/21929
http://securityreason.com/securityalert/1589
http://www.osvdb.org/28917
http://www.securityfocus.com/archive/1/446231/100/0/threaded
http://www.securityfocus.com/bid/20075
http://www.vupen.com/english/advisories/2006/3665
https://exchange.xforce.ibmcloud.com/vulnerabilities/28970
https://www.exploit-db.com/exploits/2384

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2006-09-19T01:00:00

Updated: 2024-08-07T19:23:41.191Z

Reserved: 2006-09-18T00:00:00

Link: CVE-2006-4852

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2006-09-19T01:07:00.000

Modified: 2025-04-03T01:03:51.193

Link: CVE-2006-4852

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-09-17T00:00:00", "descriptions": [{"lang": "en", "value": "SQL injection vulnerability in browse.asp in QuadComm Q-Shop 3.5 allows remote attackers to execute arbitrary SQL commands via the OrderBy parameter."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-17T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "20075", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/20075"}, {"name": "qshop-browse-sql-injection(28970)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28970"}, {"name": "ADV-2006-3665", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2006/3665"}, {"name": "20060917 Q-Shop v3.5(browse.asp) Remote SQL Injection Vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/446231/100/0/threaded"}, {"name": "28917", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/28917"}, {"name": "1589", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/1589"}, {"name": "2384", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/2384"}, {"name": "21929", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/21929"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-4852", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "SQL injection vulnerability in browse.asp in QuadComm Q-Shop 3.5 allows remote attackers to execute arbitrary SQL commands via the OrderBy parameter."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "20075", "refsource": "BID", "url": "http://www.securityfocus.com/bid/20075"}, {"name": "qshop-browse-sql-injection(28970)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28970"}, {"name": "ADV-2006-3665", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/3665"}, {"name": "20060917 Q-Shop v3.5(browse.asp) Remote SQL Injection Vulnerability", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/446231/100/0/threaded"}, {"name": "28917", "refsource": "OSVDB", "url": "http://www.osvdb.org/28917"}, {"name": "1589", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/1589"}, {"name": "2384", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/2384"}, {"name": "21929", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/21929"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T19:23:41.191Z"}, "title": "CVE Program Container", "references": [{"name": "20075", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/20075"}, {"name": "qshop-browse-sql-injection(28970)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28970"}, {"name": "ADV-2006-3665", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2006/3665"}, {"name": "20060917 Q-Shop v3.5(browse.asp) Remote SQL Injection Vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/446231/100/0/threaded"}, {"name": "28917", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/28917"}, {"name": "1589", "tags": ["third-party-advisory", "x_refsource_SREASON", "x_transferred"], "url": "http://securityreason.com/securityalert/1589"}, {"name": "2384", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"], "url": "https://www.exploit-db.com/exploits/2384"}, {"name": "21929", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/21929"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-4852", "datePublished": "2006-09-19T01:00:00", "dateReserved": "2006-09-18T00:00:00", "dateUpdated": "2024-08-07T19:23:41.191Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:quadcomm:q-shop:3.5:*:*:*:*:*:*:*", "matchCriteriaId": "E75F4364-F341-4CAA-8AEA-D00405A43DE8", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "SQL injection vulnerability in browse.asp in QuadComm Q-Shop 3.5 allows remote attackers to execute arbitrary SQL commands via the OrderBy parameter."}, {"lang": "es", "value": "Vulnerabilidad de inyecci\u00f3n SQL en browse.asp en Quadcomm Q-Shop 3.5 permite a atacantes remotos ejecutar comandos SQL de su elecci\u00f3n mediante el par\u00e1metro OrderBy."}], "id": "CVE-2006-4852", "lastModified": "2025-04-03T01:03:51.193", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2006-09-19T01:07:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Vendor Advisory"], "url": "http://secunia.com/advisories/21929"}, {"source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/1589"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/28917"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/446231/100/0/threaded"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.securityfocus.com/bid/20075"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/3665"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28970"}, {"source": "cve@mitre.org", "url": "https://www.exploit-db.com/exploits/2384"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Vendor Advisory"], "url": "http://secunia.com/advisories/21929"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/1589"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/28917"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/446231/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://www.securityfocus.com/bid/20075"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2006/3665"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28970"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.exploit-db.com/exploits/2384"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}