Unrated severityNVD Advisory· Published Dec 31, 2004· Updated Apr 16, 2026

CVE-2004-2108

Description

Multiple SQL injection vulnerabilities in QuadComm Q-Shop allow remote attackers to execute arbitrary SQL commands via certain parameters to (1) search.asp, (2) browse.asp, (3) details.asp, (4) showcat.asp, (5) users.asp, (6) addtomylist.asp, (7) modline.asp, (8) cart.asp, or (9) newuser.asp.

Affected products

Quadcomm/Q Shop4 versions
cpe:2.3:a:quadcomm:q-shop:2.0:*:*:*:*:*:*:*+ 3 more
- cpe:2.3:a:quadcomm:q-shop:2.0:*:*:*:*:*:*:*
- cpe:2.3:a:quadcomm:q-shop:2.1:*:*:*:*:*:*:*
- cpe:2.3:a:quadcomm:q-shop:2.5:*:*:*:*:*:*:*
- cpe:2.3:a:quadcomm:q-shop:2.5_beta:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.s-quadra.com/advisories/Adv-20040123.txtnvdExploit
www.securityfocus.com/bid/9481nvdExploit
marc.infonvd
secunia.com/advisories/10704nvd
securitytracker.com/alerts/2004/Jan/1008837.htmlnvd
www.osvdb.org/3698nvd
www.osvdb.org/3699nvd
www.osvdb.org/3700nvd
www.osvdb.org/3701nvd
www.osvdb.org/3702nvd
www.osvdb.org/3703nvd
www.osvdb.org/3704nvd
www.osvdb.org/3705nvd
www.osvdb.org/3706nvd
exchange.xforce.ibmcloud.com/vulnerabilities/14922nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.003
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000