Unrated severityNVD Advisory· Published Jul 12, 2005· Updated Jun 16, 2026
CVE-2005-2221
CVE-2005-2221
Description
Multiple SQL injection vulnerabilities in Dragonfly Commerce allows remote attackers to modify SQL statements and possibly execute arbitrary SQL commands via the (1) key parameter to dc_Categoriesview.asp, (2) dc_productslist_Clearance.asp, (3) PID parameter to ratings.asp, (4) dc_Productsview.asp, (5) start, (6) key_mp, (7) searchtype, or (8) psearch parameters to dc_forum_Postslist.asp. NOTE: the vendor has disputed this issue, saying that the error messages arise from invalid category and product numbers. Assuming that this is the case, the issue still satisfies the CVE definition of "exposure.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- cpe:2.3:a:incredible_interactive:dragonfly_commerce:*:*:*:*:*:*:*:*
Patches
Vulnerability mechanics
References
2News mentions
0No linked articles in our index yet.