CVE-2005-1161

critical

Description

Multiple SQL injection vulnerabilities in OneWorldStore allow remote attackers to execute arbitrary SQL commands via the idProduct parameter to (1) owAddItem.asp or (2) owProductDetail.asp, (3) idCategory parameter to owListProduct.asp, or (4) bSpecials parameter to owListProduct.asp.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/20097

http://www.osvdb.org/15520

http://www.osvdb.org/15519

http://www.osvdb.org/15518

http://www.oneworldstore.com/support_security_issue_updates.asp#April_15_2005_DCrab

http://secunia.com/advisories/14969

http://marc.info/?l=bugtraq&m=111352017704126&w=2

Details

Source: Mitre, NVD

Published: 2005-05-02

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.03103