CVE-2003-1268 Information

Description

Multiple SQL injection vulnerabilities in (1) addcustomer.asp (2) addprod.asp and (3) process.asp in a.shopKart 2.0.3 allow remote attackers to execute arbitrary SQL and obtain sensitive information via the zip state country phone and fax parameters.

Reference

http://secunia.com/advisories/7838 http://www.centaura.com.ar/infosec/adv/ashopkart.txt http://www.iss.net/security_center/static/11029.php http://www.osvdb.org/37036 http://www.osvdb.org/37037 http://www.osvdb.org/37038 http://www.securityfocus.com/archive/1/305685 http://www.securityfocus.com/bid/6558 http://www.securitytracker.com/id?1005903 cpe:2.3:a:urlogy:a.shop.kart:2.0.3:::::::*