VYPR
Unrated severity · NVD Advisory · Published Nov 23, 2004 · Updated Apr 16, 2026

CVE-2004-0300

Description

Online Store Kit 3.0 is vulnerable to SQL injection via multiple parameters, allowing remote attackers to inject arbitrary SQL and gain unauthorized access.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability

Online Store Kit 3.0 (including Lite, Standard, and Pro editions) contains SQL injection vulnerabilities in several scripts. The affected parameters are cat in shop.php, id in more.php, cat_manufacturer in shop_by_brand.php, and id in listing.php [2]. The application fails to sanitize user input before using it in SQL queries, enabling attackers to inject arbitrary SQL statements [1].

Exploitation

An attacker can exploit these vulnerabilities remotely without authentication by crafting HTTP requests with malicious SQL payloads in the vulnerable parameters. For example, a request such as shop.php?cat=1' OR '1'='1 may bypass authentication or extract data [2]. The id parameter in more.php or listing.php can be abused in the same way.

Impact

Successful exploitation allows an attacker to execute arbitrary SQL commands, potentially leading to unauthorized access to sensitive information such as user credentials, customer data, or administrative privileges. The attacker could also modify or delete database contents, compromising the integrity and availability of the application [2].

Mitigation

As of the advisory publication date (February 17, 2004), no official patch was available from the vendor [2]. Users are advised to apply input validation filters or upgrade to a patched version if later released. The vulnerability is not listed in the CISA Known Exploited Vulnerabilities Catalog as of now.
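With no vendor patch available, one check a defender can run is a scan of web access logs for requests to the four scripts named above in which the listed parameter is not a plain number. This is an added example, not code from the advisory or the vendor; it assumes Common/Combined Log Format and that these parameters normally carry numeric identifiers, and the log lines are constructed.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# Script -> parameter pairs named in the advisory text above.
WATCHED = {
    "shop.php": "cat",
    "more.php": "id",
    "shop_by_brand.php": "cat_manufacturer",
    "listing.php": "id",
}
# Assumption: these parameters carry plain numeric identifiers.
NUMERIC = re.compile(r"[0-9]{1,10}")
# Request line of a Common/Combined Log Format entry; tolerates raw spaces in the URL.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (.+?) HTTP/[0-9.]+"')


def suspicious_params(log_line):
    """Return [(script, param, value)] for watched params that are not numeric."""
    match = REQUEST.search(log_line)
    if not match:
        return []
    url = urlsplit(match.group(1))
    script = url.path.rsplit("/", 1)[-1].lower()
    param = WATCHED.get(script)
    if param is None:
        return []
    # parse_qsl percent-decodes, so encoded quotes and spaces are caught too,
    # and every occurrence of a repeated parameter is checked.
    return [
        (script, name, value)
        for name, value in parse_qsl(url.query, keep_blank_values=True)
        if name == param and not NUMERIC.fullmatch(value)
    ]


# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [17/Feb/2004:10:00:01 +0000] "GET /store/shop.php?cat=1 HTTP/1.0" 200 5120',
    '192.0.2.44 - - [17/Feb/2004:10:00:07 +0000] "GET /store/shop.php?cat=1%27%20OR%20%271%27%3D%271 HTTP/1.0" 200 48210',
    '192.0.2.44 - - [17/Feb/2004:10:00:09 +0000] "GET /store/more.php?id=7&id=7%27 HTTP/1.0" 200 300',
    '192.0.2.10 - - [17/Feb/2004:10:00:12 +0000] "GET /store/index.php?id=abc HTTP/1.0" 200 900',
]

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        for hit in suspicious_params(line):
            print("non-numeric value:", hit)
```

Parameters sent in a POST body do not appear in access logs, so this check only covers values passed in the URL.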

AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

4
  • cpe:2.3:a:ecommerce_corporation_online:store_kit:3.0_lite:*:*:*:*:*:*:*
  • cpe:2.3:a:ecommerce_corporation_online:store_kit:3.0_pro:*:*:*:*:*:*:*
  • cpe:2.3:a:ecommerce_corporation_online:store_kit:3.0_standard:*:*:*:*:*:*:*
  • Range: =3.0

Patches

0

No patches discovered yet.

References

9
