ID CVE-2005-1291
Summary Multiple SQL injection vulnerabilities in CartWIZ ASP Cart allow remote attackers to execute arbitrary SQL commands via the idProduct parameter to (1) addToCart.asp or (2) productDetails.asp, the (3) priceFrom, (4) idCategory, or (5) priceTo parameter to searchResults.asp, or (6) the idParentCategory parameter to productCatalogSubCats.asp.
References
Vulnerable Configurations
  • cpe:2.3:a:cartwiz:asp_cart:*:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 11-07-2017 - 01:32)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
  • Vector: NETWORK
  • Complexity: LOW
  • Authentication: NONE
Impact
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL
  • Availability: PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
refmap via4
bugtraq 20050423 Multiple Sql injection and XSS in CartWIZ ASP Cart
osvdb
  • 15771
  • 15772
  • 15773
  • 15774
sectrack 1013792
secunia 15055
xf cartwiz-multiple-sql-injection(20246)
Last major update 11-07-2017 - 01:32
Published 23-04-2005 - 04:00
Last modified 11-07-2017 - 01:32