MidnightBSD

Advisories for spidersales

CVE-2004-0348 HIGH

SQL injection vulnerability in viewCart.asp in SpiderSales shopping cart software allows remote attackers to execute arbitrary SQL via the userId parameter.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
spidersales spidersales 2.0
CVE-2004-0350 LOW

SpiderSales shopping cart does not enforce a minimum length for the private key, which can make it easier for local users to obtain the private key by factoring.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
spidersales spidersales 2.0
CVE-2004-0351 LOW

Spider Sales shopping cart stores the private key in the same database and table as the public key, which allows local users with access to the database to decrypt data.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
spidersales spidersales 2.0