Unrated severityNVD Advisory· Published May 11, 2005· Updated Apr 16, 2026

CVE-2005-1487

Description

Multiple SQL injection vulnerabilities in FishCart 3.1 allow remote attackers to execute arbitrary SQL commands via the (1) cartid parameter to upstnt.php or (2) psku parameter to display.php. NOTE: the vendor disputes this report, saying that they are forced SQL errors. The original researcher is known to be unreliable

Affected products

Fishcart/Fishcart
cpe:2.3:a:fishnet:fishcart:3.1:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.digitalparadox.org/advisories/fishc.txtnvdExploitVendor Advisory
www.securityfocus.com/bid/13499nvdExploit
marc.infonvd
secunia.com/advisories/15232/nvd
www.osvdb.org/16282nvd
www.osvdb.org/16283nvd
www.securityfocus.com/archive/1/457754/100/200/threadednvd
exchange.xforce.ibmcloud.com/vulnerabilities/20386nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.003
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000