Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 7.5
CVE Id CVE-2005-1291
Last Modified 05 Sep 2008 04:48:45
Published 23 Apr 2005 12:00:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2005-1291

Summary

Multiple SQL injection vulnerabilities in CartWIZ ASP Cart allow remote attackers to execute arbitrary SQL commands via the idProduct parameter to (1) addToCart.asp or (2) productDetails.asp, the (3) priceFrom, (4) idCategory, or (5) priceTo parameter to searchResults.asp, or (6) the idParentCategory parameter to productCatalogSubCats.asp.

Vulnerable Systems

Application

  • CartWIZ ASP Cart


References

XF - cartwiz-multiple-sql-injection(20246)

SECTRACK - 1013792

SECUNIA - 15055

OSVDB - 15774

OSVDB - 15773

OSVDB - 15772

OSVDB - 15771

BUGTRAQ - 20050423 Multiple Sql injection and XSS in CartWIZ ASP Cart


Last Updated: 27 May 2016 10:40:06