CVE-2006-2827 - Vulnerability Details - OpenCVE

SQL injection vulnerability in search.php in X-Cart Gold and Pro 4.0.18, and X-Cart 4.1.0 beta 1, allows remote attackers to execute arbitrary SQL commands via the "Search for pattern" field, when the settings specify only "Search in Detailed description" and "Search also in ISBN." NOTE: the vendor disputed this issue in a comment on the original researcher's blog, saying "the bug does not impose any security threat and remote attackers can't add, modify, or delete information in the back-end database by sending specially-crafted SQL statements to the search.php script using various search parameters." As of 20060605, the original blog entry is unavailable, although ISS also reports the same dispute. CVE has not been able to investigate this issue further, although the researcher sometimes makes inaccurate claims

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

Exploitation none

Automatable yes

Technical Impact total

Vendors	Products
Qualiteam	X-cart

Configuration 1 [-]

OR	cpe:2.3:a:qualiteam:x-cart:4.1.0_beta_1:::::::*
	cpe:2.3:a:qualiteam:x-cart:gold_4.0.18:::::::*
	cpe:2.3:a:qualiteam:x-cart:pro_4.0.18:::::::*

No data.

References

Link	Providers
http://pridels0.blogspot.com/2006/04/x-cart-sql-inj-vuln.html
http://www.osvdb.org/25204
https://exchange.xforce.ibmcloud.com/vulnerabilities/25944

History

Fri, 17 Jan 2025 14:15:00 +0000

Type	Values Removed	Values Added
Metrics		cvssV3_1 `{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}` ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2006-06-05T17:00:00

Updated: 2025-01-17T13:56:38.025Z

Reserved: 2006-06-05T00:00:00

Link: CVE-2006-2827

Vulnrichment

Updated: 2024-08-07T18:06:26.640Z

NVD

Status : Modified

Published: 2006-06-05T17:02:00.000

Modified: 2025-01-17T14:15:27.663

Link: CVE-2006-2827

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-04-20T00:00:00", "descriptions": [{"lang": "en", "value": "SQL injection vulnerability in search.php in X-Cart Gold and Pro 4.0.18, and X-Cart 4.1.0 beta 1, allows remote attackers to execute arbitrary SQL commands via the \"Search for pattern\" field, when the settings specify only \"Search in Detailed description\" and \"Search also in ISBN.\" NOTE: the vendor disputed this issue in a comment on the original researcher's blog, saying \"the bug does not impose any security threat and remote attackers can't add, modify, or delete information in the back-end database by sending specially-crafted SQL statements to the search.php script using various search parameters.\" As of 20060605, the original blog entry is unavailable, although ISS also reports the same dispute. CVE has not been able to investigate this issue further, although the researcher sometimes makes inaccurate claims"}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-19T15:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://pridels0.blogspot.com/2006/04/x-cart-sql-inj-vuln.html"}, {"name": "xcart-search-sql-injection(25944)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25944"}, {"name": "25204", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/25204"}], "tags": ["disputed"], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-2827", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "** DISPUTED ** SQL injection vulnerability in search.php in X-Cart Gold and Pro 4.0.18, and X-Cart 4.1.0 beta 1, allows remote attackers to execute arbitrary SQL commands via the \"Search for pattern\" field, when the settings specify only \"Search in Detailed description\" and \"Search also in ISBN.\" NOTE: the vendor disputed this issue in a comment on the original researcher's blog, saying \"the bug does not impose any security threat and remote attackers can't add, modify, or delete information in the back-end database by sending specially-crafted SQL statements to the search.php script using various search parameters.\" As of 20060605, the original blog entry is unavailable, although ISS also reports the same dispute. CVE has not been able to investigate this issue further, although the researcher sometimes makes inaccurate claims."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://pridels0.blogspot.com/2006/04/x-cart-sql-inj-vuln.html", "refsource": "MISC", "url": "http://pridels0.blogspot.com/2006/04/x-cart-sql-inj-vuln.html"}, {"name": "xcart-search-sql-injection(25944)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25944"}, {"name": "25204", "refsource": "OSVDB", "url": "http://www.osvdb.org/25204"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T18:06:26.640Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://pridels0.blogspot.com/2006/04/x-cart-sql-inj-vuln.html"}, {"name": "xcart-search-sql-injection(25944)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25944"}, {"name": "25204", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/25204"}]}, {"problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-noinfo Not enough information"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-01-17T13:56:32.615352Z", "id": "CVE-2006-2827", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-17T13:56:38.025Z"}}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-2827", "datePublished": "2006-06-05T17:00:00", "dateReserved": "2006-06-05T00:00:00", "dateUpdated": "2025-01-17T13:56:38.025Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "http://pridels0.blogspot.com/2006/04/x-cart-sql-inj-vuln.html", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25944", "name": "xcart-search-sql-injection(25944)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"]}, {"url": "http://www.osvdb.org/25204", "name": "25204", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T18:06:26.640Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2006-2827", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-01-17T13:56:32.615352Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "description": "CWE-noinfo Not enough information"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-17T13:56:14.844Z"}}], "cna": {"tags": ["disputed"], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-04-20T00:00:00", "references": [{"url": "http://pridels0.blogspot.com/2006/04/x-cart-sql-inj-vuln.html", "tags": ["x_refsource_MISC"]}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25944", "name": "xcart-search-sql-injection(25944)", "tags": ["vdb-entry", "x_refsource_XF"]}, {"url": "http://www.osvdb.org/25204", "name": "25204", "tags": ["vdb-entry", "x_refsource_OSVDB"]}], "descriptions": [{"lang": "en", "value": "SQL injection vulnerability in search.php in X-Cart Gold and Pro 4.0.18, and X-Cart 4.1.0 beta 1, allows remote attackers to execute arbitrary SQL commands via the \"Search for pattern\" field, when the settings specify only \"Search in Detailed description\" and \"Search also in ISBN.\" NOTE: the vendor disputed this issue in a comment on the original researcher's blog, saying \"the bug does not impose any security threat and remote attackers can't add, modify, or delete information in the back-end database by sending specially-crafted SQL statements to the search.php script using various search parameters.\" As of 20060605, the original blog entry is unavailable, although ISS also reports the same dispute. CVE has not been able to investigate this issue further, although the researcher sometimes makes inaccurate claims"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2017-07-19T15:57:01"}, "x_legacyV4Record": {"affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "n/a"}]}, "product_name": "n/a"}]}, "vendor_name": "n/a"}]}}, "data_type": "CVE", "references": {"reference_data": [{"url": "http://pridels0.blogspot.com/2006/04/x-cart-sql-inj-vuln.html", "name": "http://pridels0.blogspot.com/2006/04/x-cart-sql-inj-vuln.html", "refsource": "MISC"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25944", "name": "xcart-search-sql-injection(25944)", "refsource": "XF"}, {"url": "http://www.osvdb.org/25204", "name": "25204", "refsource": "OSVDB"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "eng", "value": "** DISPUTED ** SQL injection vulnerability in search.php in X-Cart Gold and Pro 4.0.18, and X-Cart 4.1.0 beta 1, allows remote attackers to execute arbitrary SQL commands via the \"Search for pattern\" field, when the settings specify only \"Search in Detailed description\" and \"Search also in ISBN.\" NOTE: the vendor disputed this issue in a comment on the original researcher's blog, saying \"the bug does not impose any security threat and remote attackers can't add, modify, or delete information in the back-end database by sending specially-crafted SQL statements to the search.php script using various search parameters.\" As of 20060605, the original blog entry is unavailable, although ISS also reports the same dispute. CVE has not been able to investigate this issue further, although the researcher sometimes makes inaccurate claims."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2006-2827", "STATE": "PUBLIC", "ASSIGNER": "cve@mitre.org"}}}}, "cveMetadata": {"cveId": "CVE-2006-2827", "state": "PUBLISHED", "dateUpdated": "2025-01-17T13:56:38.025Z", "dateReserved": "2006-06-05T00:00:00", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2006-06-05T17:00:00", "assignerShortName": "mitre"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:qualiteam:x-cart:4.1.0_beta_1:*:*:*:*:*:*:*", "matchCriteriaId": "263B887A-330F-42CF-BA93-439E1154919C", "vulnerable": true}, {"criteria": "cpe:2.3:a:qualiteam:x-cart:gold_4.0.18:*:*:*:*:*:*:*", "matchCriteriaId": "5EA586ED-C395-44F9-AFC0-210C53872D3D", "vulnerable": true}, {"criteria": "cpe:2.3:a:qualiteam:x-cart:pro_4.0.18:*:*:*:*:*:*:*", "matchCriteriaId": "CB8B67CF-A311-4649-B7D1-E4DE7A2D980E", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [{"sourceIdentifier": "cve@mitre.org", "tags": ["disputed"]}], "descriptions": [{"lang": "en", "value": "SQL injection vulnerability in search.php in X-Cart Gold and Pro 4.0.18, and X-Cart 4.1.0 beta 1, allows remote attackers to execute arbitrary SQL commands via the \"Search for pattern\" field, when the settings specify only \"Search in Detailed description\" and \"Search also in ISBN.\" NOTE: the vendor disputed this issue in a comment on the original researcher's blog, saying \"the bug does not impose any security threat and remote attackers can't add, modify, or delete information in the back-end database by sending specially-crafted SQL statements to the search.php script using various search parameters.\" As of 20060605, the original blog entry is unavailable, although ISS also reports the same dispute. CVE has not been able to investigate this issue further, although the researcher sometimes makes inaccurate claims"}], "id": "CVE-2006-2827", "lastModified": "2025-01-17T14:15:27.663", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 6.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2006-06-05T17:02:00.000", "references": [{"source": "cve@mitre.org", "url": "http://pridels0.blogspot.com/2006/04/x-cart-sql-inj-vuln.html"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/25204"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25944"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://pridels0.blogspot.com/2006/04/x-cart-sql-inj-vuln.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/25204"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25944"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}