CVE-2004-1806
Description
SQL injection in CFWebstore 5.0 index.cfm allows remote attackers to execute arbitrary SQL commands via category_id, product_id, or feature_id parameters.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
A SQL injection vulnerability exists in the index.cfm script of CFWebstore 5.0. The user-supplied parameters category_id, product_id, and feature_id are not sanitized before being used in SQL queries. This affects CFWebstore 5.0 and earlier versions; version 5.0.1 fixed the issue [1][2].
Exploitation
A remote attacker can send crafted HTTP requests to the vulnerable index.cfm page, passing malicious SQL code in any of the three parameters. No authentication is required, as the script is publicly accessible. The attacker can inject SQL commands that modify the intended query logic, potentially leveraging Microsoft SQL Server's xp_cmdshell extended stored procedure for further system access [2].
Impact
Successful exploitation allows arbitrary SQL command execution, which can lead to reading, modifying, or deleting database content. If xp_cmdshell is enabled, the attacker may execute operating system commands, compromising the underlying server [2].
Mitigation
Dogpatch Software released CFWebstore version 5.0.1 on 12 March 2004, which addresses the SQL injection vulnerability by implementing proper input validation. Users should upgrade to version 5.0.1 or later [1][2]. No workaround is documented for unpatched versions.
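The following is an added illustration, not CFWebstore's own code (which is ColdFusion and is not reproduced on this page): a small Python model of the defect class described above, beside the two controls the fix relies on, and a log check a defender can run. The products table schema and the access-log lines are constructed for the example; the only names taken from the advisory are index.cfm and the three parameters.

```python
import re
import sqlite3
from urllib.parse import parse_qs, urlsplit

# The three request parameters named in the advisory.
ID_PARAMS = ("category_id", "product_id", "feature_id")
_ID_RE = re.compile(r"[0-9]{1,9}")  # a catalogue id is a short positive integer

def build_db():
    """Constructed in-memory stand-in for a shop catalogue table (hypothetical schema)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE products (product_id INTEGER PRIMARY KEY, name TEXT, category_id INTEGER)"
    )
    conn.executemany(
        "INSERT INTO products VALUES (?, ?, ?)",
        [(1, "widget", 10), (2, "gadget", 10), (3, "gizmo", 20)],
    )
    return conn

def lookup_vulnerable(conn, product_id):
    """Defect class from the advisory: the raw request value is spliced into the SQL text."""
    sql = "SELECT product_id, name FROM products WHERE product_id = " + product_id
    return conn.execute(sql).fetchall()

def validate_id(name, value):
    """Allow-list check: only the expected parameter names, only plain integers."""
    if name not in ID_PARAMS:
        raise ValueError(f"unexpected parameter {name!r}")
    if not _ID_RE.fullmatch(value):
        raise ValueError(f"{name} must be a positive integer, got {value!r}")
    return int(value)

def lookup_fixed(conn, product_id):
    """Hardened form: validate first, then bind the value so it can never change the query shape."""
    pid = validate_id("product_id", product_id)
    return conn.execute(
        "SELECT product_id, name FROM products WHERE product_id = ?", (pid,)
    ).fetchall()

# Common-log-format request line: client ip, then the GET target.
_REQ_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "GET (\S+) HTTP/[\d.]+"')

def flag_requests(log_lines):
    """Detection: report index.cfm requests whose id parameters are not plain integers."""
    hits = []
    for line in log_lines:
        m = _REQ_RE.match(line)
        if not m:
            continue
        ip, target = m.groups()
        parts = urlsplit(target)
        if not parts.path.lower().endswith("/index.cfm"):
            continue
        # parse_qs percent-decodes, so encoded spaces and operators are inspected as sent.
        for name, values in parse_qs(parts.query, keep_blank_values=True).items():
            if name in ID_PARAMS:
                for v in values:
                    if not _ID_RE.fullmatch(v):
                        hits.append((ip, name, v))
    return hits

# Constructed sample access-log lines (not real traffic).
SAMPLE_LOG = [
    '203.0.113.5 - - [12/Mar/2004:10:00:01 +0000] "GET /index.cfm?category_id=10 HTTP/1.1" 200 5120',
    '203.0.113.7 - - [12/Mar/2004:10:00:02 +0000] "GET /index.cfm?product_id=2%20OR%201%3D1 HTTP/1.1" 200 8813',
    '203.0.113.9 - - [12/Mar/2004:10:00:03 +0000] "GET /images/logo.gif HTTP/1.1" 200 1200',
    '203.0.113.11 - - [12/Mar/2004:10:00:04 +0000] "GET /index.cfm?feature_id=3\' HTTP/1.1" 500 310',
]

if __name__ == "__main__":
    db = build_db()
    print(lookup_vulnerable(db, "1 OR 1=1"))  # concatenation: every row comes back
    print(lookup_fixed(db, "2"))              # bound parameter: exactly the requested row
    print(flag_requests(SAMPLE_LOG))          # the two non-integer id values
```

The parameter binding alone would stop the query logic from being altered; the integer allow-list on top of it rejects the request before it reaches the database and gives the log check a single, cheap rule to apply to historical traffic.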
AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (2)
- cpe:2.3:a:dogpatch_software:cfwebstore:5.0:*:*:*:*:*:*:*
- (no CPE) version range: =5.0
Patches
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References (8)
News mentions
No linked articles in our index yet.