CVE-2006-6209

Sažetak

Multiple SQL injection vulnerabilities in MidiCart ASP Shopping Cart and ASP Plus Shopping Cart allow remote attackers to execute arbitrary SQL commands via the (1) id2006quant parameter to (a) item_show.asp, or the (2) maingroup or (3) secondgroup parameter to (b) item_list.asp. NOTE: the code_no parameter to Item_Show.asp is covered by CVE-2005-2601.

Reference

http://securityreason.com/securityalert/1947
http://www.aria-security.com/forum/showthread.php?t=42
http://www.securityfocus.com/archive/1/452557/100/0/threaded
http://www.securityfocus.com/archive/1/452573/100/0/threaded
http://www.securityfocus.com/bid/21273
https://exchange.xforce.ibmcloud.com/vulnerabilities/30506

CVSS

Base:	7.5
Impact:	6.4
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

17-10-2018 - 21:47

Objavljeno

01-12-2006 - 01:28