SQL injection vulnerability in users.asp in QuadComm Q-Shop 3.0, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the (1) UserID and (2) Pwd parameters. NOTE: this might be related to CVE-2004-2108.
References
Configurations
History
No history.
Information
Published : 2009-02-24 18:30
Updated : 2024-02-28 11:21
NVD link : CVE-2008-6258
Mitre link : CVE-2008-6258
CVE.ORG link : CVE-2008-6258
JSON object : View
Products Affected
quadcomm
- q-shop
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')