CVE-2005-1291

CVE-2005-1291

EPSS 1.5%

Multiple SQL injection vulnerabilities in CartWIZ ASP Cart allow remote attackers to execute arbitrary SQL commands via the idProduct parameter to (1) addToCart.asp or (2) productDetails.asp, the (3) priceFrom, (4) idCategory, or (5) priceTo parameter to searchResults.asp, or (6) the idParentCategory parameter to productCatalogSubCats.asp.

Productos afectados

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

http://marc.info/?l=bugtraq&m=111428393022389&w=2 http://secunia.com/advisories/15055 http://securitytracker.com/id?1013792 https://exchange.xforce.ibmcloud.com/vulnerabilities/20246 http://www.osvdb.org/15771 http://www.osvdb.org/15772 http://www.osvdb.org/15773 http://www.osvdb.org/15774