CVE-2004-1873

A-CART Pro and A-CART 2.0 - SQL Injection via catcode Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2004-1873. PoCs published by laurent gaffie, Manuel Lopez.

AI-analyzed exploit summary The provided text describes a SQL injection vulnerability in A-Cart 2.0 and A-Cart Pro, where the 'catcode' parameter in 'category.asp' is not properly sanitized. This allows attackers to manipulate SQL queries, potentially leading to unauthorized data access or modification.

Description

SQL injection vulnerability in category.asp in A-CART Pro and A-CART 2.0 allows remote attackers to gain privileges via the catcode parameter.

Exploits (2)

exploitdb WRITEUP VERIFIED
by laurent gaffie · textwebappsasp
https://www.exploit-db.com/exploits/29085

The provided text describes a SQL injection vulnerability in A-Cart 2.0 and A-Cart Pro, where the 'catcode' parameter in 'category.asp' is not properly sanitized. This allows attackers to manipulate SQL queries, potentially leading to unauthorized data access or modification.

Classification
Writeup 90%
Attack Type
Sqli
Complexity
Trivial
Reliability
Theoretical
Target: A-Cart 2.0 and A-Cart Pro
No auth needed
Prerequisites: Access to the vulnerable endpoint · Basic knowledge of SQL injection techniques
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WRITEUP VERIFIED
by Manuel Lopez · textwebappsasp
https://www.exploit-db.com/exploits/23891

This is a vulnerability writeup describing SQL injection and XSS vulnerabilities in A-Cart. It provides example URLs demonstrating how an attacker could exploit these issues to extract sensitive data or execute malicious scripts.

Classification
Writeup 90%
Attack Type
Sqli | Xss
Complexity
Trivial
Reliability
Theoretical
Target: A-Cart (version not specified)
No auth needed
Prerequisites: Access to the vulnerable A-Cart web application
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (11)

Core 11
Core References
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=108057887008983&w=2
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/452023/100/0/threaded
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/11236
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/452005/100/0/threaded
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/451594/100/100/threaded
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/9997
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/452006/100/0/threaded
URL Repurposed x_refsource_misc
http://s-a-p.ca/index.php?page=OurAdvisories&id=27
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/15661

Scores

EPSS 0.0243
EPSS Percentile 82.1%

Details

Status published
Products (1)
alan_ward/a-cart 2.0 (2 CPE variants)
Published Dec 31, 2004
Tracked Since Feb 18, 2026