CVE-2004-2412

CVE-2004-2412

EPSS 1.2%

Multiple SQL injection vulnerabilities in VP-ASP Shopping Cart 4.0 through 5.0 allow remote attackers to execute arbitrary SQL commands via the catalogid parameter in (1) shopreviewlist.asp and (2) shopreviewadd.asp.

Affected products

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://secunia.com/advisories/11201 https://exchange.xforce.ibmcloud.com/vulnerabilities/15588 http://www.securityfocus.com/bid/9967 http://www.vpasp.com/virtprog/info/faq_securityfixes.htm