Multiple SQL injection vulnerabilities in ProductCart 2.7 allow remote attackers to execute arbitrary SQL commands via (1) the Category or resultCnt parameters to advSearch_h.asp, and possibly (2) the offset parameter to tarinasworld_butterflyjournal.asp. NOTE: it is possible that item (2) is the result of a typo or editing error from the original research report.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2005-04-07T04:00:00
Updated: 2024-08-07T21:35:59.528Z
Reserved: 2005-04-07T00:00:00
Link: CVE-2005-0994
Vulnrichment
No data.
NVD
Status : Modified
Published: 2005-05-02T04:00:00.000
Modified: 2021-06-15T20:15:10.803
Link: CVE-2005-0994
Redhat
No data.