Unrated severityNVD Advisory· Published Oct 14, 2005· Updated Apr 16, 2026

CVE-2005-3208

Description

Multiple SQL injection vulnerabilities in (1) aeNovo, (2) aeNovoShop and (3) aeNovoWYSI allow remote attackers to execute arbitrary SQL code via (a) the password parameter in control.asp, and (b) the strSQL parameter in search.asp, which can enable XSS attacks in resulting error messages.

Affected products

Aenovo/Aenovo
cpe:2.3:a:aenovo:aenovo:*:*:*:*:*:*:*:*
Aenovo/Aenovoshop
cpe:2.3:a:aenovo:aenovoshop:*:*:*:*:*:*:*:*
Aenovo/Aenovowysi
cpe:2.3:a:aenovo:aenovowysi:*:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.kapda.ir/advisory-78.htmlnvdExploitVendor Advisory
www.securityfocus.com/bid/15038nvdExploit
secunia.com/advisories/17117/nvdVendor Advisory
marc.infonvd
www.osvdb.org/19936nvd
www.osvdb.org/19937nvd
www.securityfocus.com/bid/15036nvd
exchange.xforce.ibmcloud.com/vulnerabilities/22547nvd
exchange.xforce.ibmcloud.com/vulnerabilities/22551nvd
exchange.xforce.ibmcloud.com/vulnerabilities/22553nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.005
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000