[VIM] CVE-2005-4003 - ASPS - description identifies wrong bug type
Steven M. Christey
coley at mitre.org
Wed Feb 8 20:12:37 EST 2006
Regarding CVE-2005-4003. This arose from a r0t blog entry that
clearly identified XSS. However, the CVE description says SQL
injection. Stupid description templates! ;-)
Some VDBs have mentioned both XSS and SQL injection as vectors. While
the issue smells like it could be both (e.g. SQL injection enabling
XSS in error messages), it could be that these VDBs mentioned the SQL
injection due to CVE's mistaken description. The only original source
information I have is XSS.
If anybody has any information on whether the SQL injection issues
really exist, let me know. Right now I have a pretty ugly-looking
candidate on my hands :)
- Steve
======================================================
Name: CVE-2005-4003
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4003
Reference: MISC:http://pridels.blogspot.com/2005/12/asps-shopping-cart-professional-and.html
Reference: BID:15694
Reference: URL:http://www.securityfocus.com/bid/15694
Multiple SQL injection vulnerabilities in Absolute Shopping Package
Solutions (ASPS) Shopping Cart Professional 2.9d and earlier, and Lite
2.1 and earlier, allow remote attackers to execute arbitrary SQL
commands via the (1) srch_product_name parameter to adv_search.asp and
(2) b_search parameter to bsearch.asp. NOTE: the original disclosure
was specifically only for an XSS issue, but the CVE description was
for SQL injection. Since the original disclosure, SQL injection
vectors have been reported. This CVE might be REJECTed or
significantly altered pending additional information.
More information about the VIM
mailing list