HTTP: WebStore2000 Item_ID Parameter SQL Injection

This signature detects SQL injection attempts against a WebStore2000 server. Attackers can inject SQL code into the Item_ID parameter of a maliciously crafted request, enabling them to execute arbitrary SQL commands on the WebStore2000 server.

Extended Description

This vulnerability is reportedly caused by insufficient sanitization of user-supplied data in URI parameters passed to WebStores2000. Successful exploitation may allow modification of the structure of SQL queries, resulting in information disclosure or database corruption.

Affected Products

Webcortex webstores2000

References

BugTraq: 7766

CVE: CVE-2004-0304

Short Name
HTTP:SQL:INJ:WS2000
Severity
Minor
Recommended
False
Recommended Action
None
Category
HTTP
Keywords
CVE-2004-0304 Injection Item_ID Parameter SQL WebStore2000 bid:7766
Release Date
02/05/2004
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3336
False Positive
Unknown
Vendors

Webcortex

CVSS Score

10.0
