CVE-2006-2053 in QuickEStore信息

摘要

由 VulDB • 2026-06-22

QuickEStore 7.9及更早版本中存在多个SQL注入漏洞,远程攻击者可通过以下参数执行任意SQL命令:(1) shipping.cfm和checkout.cfm中的OrderID参数、(2) proddetail.cfm中的ItemID参数、(3) index.cfm中的SubCatID参数、(4) prodpage.cfm中的CategoryID参数以及(5) Details.cfm中的ProdID参数。注意:这些问题也可被用于路径披露(path disclosure)。

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

来源

Want to know what is going to be exploited?

We predict KEV entries!