Back to search
CVE-2006-6209
Published: Dec 1, 2006
Modified: Aug 7, 2024
PUBLISHED
Description
Multiple SQL injection vulnerabilities in MidiCart ASP Shopping Cart and ASP Plus Shopping Cart allow remote attackers to execute arbitrary SQL commands via the (1) id2006quant parameter to (a) item_show.asp, or the (2) maingroup or (3) secondgroup parameter to (b) item_list.asp. NOTE: the code_no parameter to Item_Show.asp is covered by CVE-2005-2601.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
http://www.aria-security.com/forum/showthread.php?t=42
x_refsource_MISC
1947
third-party-advisory
x_refsource_SREASON
20061124 [Aria-Security Team] MidiCart ASP Plus Shopping Cart SQL Injection
mailing-list
x_refsource_BUGTRAQ
20061124 [Aria-Security Team] MidiCart ASP Shopping Cart SQL Injection
mailing-list
x_refsource_BUGTRAQ
midicart-itemshow-sql-injection(30506)
vdb-entry
x_refsource_XF
21273
vdb-entry
x_refsource_BID
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now