CVE-2005-1329
OneWorldStore owOfflineCC.asp - Information Disclosure via idOrder Parameter
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2005-1329. PoCs published by Lostmon.
AI-analyzed exploit summary This is a writeup describing an information disclosure vulnerability in OneWorldStore. The issue allows attackers to access customer names and addresses by manipulating the 'idOrder' parameter in a URL.
Description
owOfflineCC.asp in OneWorldStore allows remote attackers to obtain sensitive information by modifying the idOrder parameter.
Exploits (1)
exploitdb
WRITEUP
VERIFIED
by Lostmon · textwebappsasp
https://www.exploit-db.com/exploits/25530
This is a writeup describing an information disclosure vulnerability in OneWorldStore. The issue allows attackers to access customer names and addresses by manipulating the 'idOrder' parameter in a URL.
Classification
Writeup 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target:
OneWorldStore (version not specified)
No auth needed
Prerequisites:
Access to the target URL
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026
Full analysis →
References (6)
Core 6
Core References
Patch vdb-entry
x_refsource_sectrack
http://securitytracker.com/id?1013796
Exploit, Patch vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/13361
Patch third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/15104
Exploit vdb-entry
x_refsource_osvdb
http://www.osvdb.org/15781
Exploit, Patch, URL Repurposed x_refsource_confirm
http://www.oneworldstore.com/support_security_issue_updates.asp#April_24_2005_Lostmon
Exploit, Patch x_refsource_misc
http://lostmon.blogspot.com/2005/04/oneworldstore-user-information.html
Scores
EPSS
0.0339
EPSS Percentile
87.3%
Details
Status
published
Products (5)
oneworldstore/oneworldstore
basic
oneworldstore/oneworldstore
business
oneworldstore/oneworldstore
enterprise
oneworldstore/oneworldstore
free
oneworldstore/oneworldstore
soho
Published
May 02, 2005
Tracked Since
Feb 18, 2026