Unrated severityNVD Advisory· Published Apr 26, 2006· Updated Apr 16, 2026

CVE-2006-2053

Description

Multiple SQL injection vulnerabilities in QuickEStore 7.9 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the OrderID parameter in (a) shipping.cfm and (b) checkout.cfm, (2) ItemID parameter in (c) proddetail.cfm, (3) SubCatID parameter in (d) index.cfm, the (4) CategoryID parameter in (e) prodpage.cfm, and (5) ProdID parameter in (f) Details.cfm. NOTE: these issues can also be exploited for path disclosure.

Affected products

Quickestore/Quickestore
cpe:2.3:a:quickestore:quickestore:7.9:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

pridels0.blogspot.com/2006/04/quickestore-79-vuln.htmlnvd
secunia.com/advisories/19817nvd
www.osvdb.org/24976nvd
www.osvdb.org/24977nvd
www.osvdb.org/24978nvd
www.osvdb.org/24979nvd
www.osvdb.org/24980nvd
www.vupen.com/english/advisories/2006/1514nvd
exchange.xforce.ibmcloud.com/vulnerabilities/26045nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000