Back to search
CVE-2007-2997
Published: Jun 4, 2007
Modified: Aug 7, 2024
PUBLISHED
Description
Multiple SQL injection vulnerabilities in cgi-bin/reorder2.asp in SalesCart Shopping Cart allow remote attackers to execute arbitrary SQL commands via the password field and other unspecified vectors. NOTE: the vendor disputes this issue, stating "We were able to reproduce this sql injection on an old out-of-date demo on the website but not on the released product.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
24226
vdb-entry
x_refsource_BID
salesacart-reorder2-sql-injection(34567)
vdb-entry
x_refsource_XF
20070613 Re: RedLevel Advisory #23 - SalesCart Shopping Cart SQL Injection Vulnerability
mailing-list
x_refsource_BUGTRAQ
2758
third-party-advisory
x_refsource_SREASON
40145
vdb-entry
x_refsource_OSVDB
20070529 RedLevel Advisory #23 - SalesCart Shopping Cart SQL Injection Vulnerability
mailing-list
x_refsource_BUGTRAQ
20070614 Re: RedLevel Advisory #23 - SalesCart Shopping Cart SQL Injection Vulnerability
mailing-list
x_refsource_BUGTRAQ
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now