NVD Vulnerability Detail

Search Exploit, PoC

NVD脆弱性検索トップ

->

NVD Vulnerability Detail

CVE-2005-4243

Summary	Multiple SQL injection vulnerabilities in QuickPayPro 3.1 allow remote attackers to execute arbitrary SQL commands via the (1) popupid parameter in popups.edit.php; (2) so, (3) sb, and (4) nr parameters in customer.tickets.view.php; (5) subrackingid parameter in subscribers.tracking.edit.php; (6) delete parameter in design.php; (7) trackingid parameter in tracking.details.php; and (8) customerid parameter in sales.view.php.
Publication Date	Dec. 15, 2005, 8:03 p.m.
Registration Date	Jan. 29, 2021, 5:59 p.m.
Last Update	March 8, 2011, 11:27 a.m.

CVSS2.0 : HIGH
Score	7.5
Vector	AV:N/AC:L/Au:N/C:P/I:P/A:P
攻撃元区分(AV)	ネットワーク
攻撃条件の複雑さ(AC)	低
攻撃前の認証要否(Au)	不要
機密性への影響(C)	低
完全性への影響(I)	低
可用性への影響(A)	低
Get all privileges.	いいえ
Get user privileges	いいえ
Get other privileges	はい
User operation required	いいえ

Affected software configurations

Configuration1		or higher	or less	more than	less than
cpe:2.3:a:quickpaypro:quickpaypro:3.1:::::::*

Related information, measures and tools

No	URL	refsource	タグ
1	http://pridels0.blogspot.com/2005/12/quickpaypro-31-multiple-vuln.html	MISC
2	http://secunia.com/advisories/17981	SECUNIA	Vendor Advisory
3	http://www.osvdb.org/21676	OSVDB	Exploit
4	http://www.osvdb.org/21677	OSVDB	Exploit
5	http://www.osvdb.org/21678	OSVDB	Exploit
6	http://www.osvdb.org/21679	OSVDB	Exploit
7	http://www.osvdb.org/21680	OSVDB	Exploit
8	http://www.osvdb.org/21681	OSVDB	Exploit
9	http://www.securityfocus.com/bid/15863	BID
10	http://www.vupen.com/english/advisories/2005/2875	VUPEN

Common Vulnerabilities List