Lumension® Endpoint Intelligence Center



Vulnerability Score: 7.5
CVE Id: CVE-2006-2164
Last Modified: 03 Nov 2008 01:19:19
Published: 04 May 2006 08:38:00
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE



Multiple SQL injection vulnerabilities in Avactis Shopping Cart 0.1.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) category_id parameter in (a) store_special_offers.php and (b) store.php, and (2) prod_id parameter in (c) cart.php and (d) product_info.php. NOTE: this issue also produces resultant full path disclosure from invalid SQL queries.

Vulnerable Systems


  • Pentasoft Corp. Avactis Shopping Cart 0.1.2


XF - avactis-multiple-scripts-sql-injection(26178)

OSVDB - 25640

OSVDB - 25639

OSVDB - 25638

OSVDB - 25637


Last Updated: 27 May 2016 10:42:22