Strix
26.1K

CVE-2004-2173

UnknownEPSS 1.96%

Last modified

CVE-2004-2173 is a vulnerability of currently unknown severity. SQL injection vulnerability in advSearch_h.asp in EarlyImpact ProductCart allows remote attackers to execute arbitrary SQL commands via the priceUntil parameter.. EPSS estimates a 1.96% chance of exploitation in the next 30 days.

Description

SQL injection vulnerability in advSearch_h.asp in EarlyImpact ProductCart allows remote attackers to execute arbitrary SQL commands via the priceUntil parameter.

Metrics

EPSS Probability
1.96%

77.8th percentile

Probability of exploitation in the next 30 days. Learn more

Affected Software

VendorProductVersions
Early ImpactProductcart1.5
Early ImpactProductcart1.6b
Early ImpactProductcart1.6b001
Early ImpactProductcart1.6b002
Early ImpactProductcart1.6b003
Early ImpactProductcart1.6br
Early ImpactProductcart1.6br001
Early ImpactProductcart1.6br003
Early ImpactProductcart1.5002
Early ImpactProductcart1.5003
Early ImpactProductcart1.5003r
Early ImpactProductcart1.5004
Early ImpactProductcart1.6002
Early ImpactProductcart1.6003
Early ImpactProductcart2.0
Early ImpactProductcart2.0br000
Early ImpactProductcart2.5

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2004-2173?
SQL injection vulnerability in advSearch_h.asp in EarlyImpact ProductCart allows remote attackers to execute arbitrary SQL commands via the priceUntil parameter.
How severe is CVE-2004-2173?
Severity scoring for CVE-2004-2173 is pending analysis. The EPSS model estimates a 1.96% probability of exploitation in the next 30 days.
How do I fix CVE-2004-2173?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2004-2173?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST