CyberSec.Space Logo
Back to CVE Browser

CVE-2003-0509

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0510%
EPSS Percentile29.57th
PublishedAug 7, 2003
Last ModifiedApr 16, 2026

Vulnerability Description

SQL injection vulnerability in Cyberstrong eShop 4.2 and earlier allows remote attackers to steal authentication information and gain privileges via the ProductCode parameter in (1) 10expand.asp, (2) 10browse.asp, and (3) 20review.asp.

Affected Platforms (CPE)

πŸ“¦
Cyberstrong

Eshop

<= 4.2

References & Advisories

πŸ”— http://marc.info/?l=bugtraq&m=105709450711395&w=2
πŸ”— http://secunia.com/advisories/9165
πŸ”— http://securitytracker.com/id?1007092
πŸ”— http://www.osvdb.org/10098
πŸ”— http://www.osvdb.org/10099
πŸ”— http://www.osvdb.org/10100
πŸ”— http://www.securityfocus.com/bid/14101
πŸ”— http://www.securityfocus.com/bid/14103

Related Vulnerabilities

CVE-2009-311210.0

Unspecified vulnerability in OXID eShop Professional, Enterprise, and Community Edition before 4.1.0 allows remote attackers to ga...

CVE-2019-130269.8

OXID eShop 6.0.x before 6.0.5 and 6.1.x before 6.1.4 allows SQL Injection via a crafted URL, leading to full access by an attacker...

CVE-2019-170628.8

An issue was discovered in OXID eShop 6.x before 6.0.6 and 6.1.x before 6.1.5, OXID eShop Enterprise Edition Version 5.2.x-5.3.x, ...

CVE-2016-07698.8

Multiple SQL injection vulnerabilities in eshop-orders.php in the eShop plugin 6.3.14 for WordPress allow (1) remote administrator...