← back
CVE-2006-6209

CVE-2006-6209

EPSS 1.3%
Multiple SQL injection vulnerabilities in MidiCart ASP Shopping Cart and ASP Plus Shopping Cart allow remote attackers to execute arbitrary SQL commands via the (1) id2006quant parameter to (a) item_show.asp, or the (2) maingroup or (3) secondgroup parameter to (b) item_list.asp. NOTE: the code_no parameter to Item_Show.asp is covered by CVE-2005-2601.
Affected products
n/a · n/a
public PoCs found1
exploitdbwww.exploit-db.com/exploits/29174unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://securityreason.com/securityalert/1947https://exchange.xforce.ibmcloud.com/vulnerabilities/30506http://www.aria-security.com/forum/showthread.php?t=42http://www.securityfocus.com/archive/1/452557/100/0/threadedhttp://www.securityfocus.com/archive/1/452573/100/0/threadedhttp://www.securityfocus.com/bid/21273