CVE-2005-1291 Information

Description

Multiple SQL injection vulnerabilities in CartWIZ ASP Cart allow remote attackers to execute arbitrary SQL commands via the idProduct parameter to (1) addToCart.asp or (2) productDetails.asp the (3) priceFrom (4) idCategory or (5) priceTo parameter to searchResults.asp or (6) the idParentCategory parameter to productCatalogSubCats.asp.

Reference

http://marc.info/?l=bugtraq&m=111428393022389&w=2 http://secunia.com/advisories/15055 http://securitytracker.com/id?1013792 http://www.osvdb.org/15771 http://www.osvdb.org/15772 http://www.osvdb.org/15773 http://www.osvdb.org/15774 https://exchange.xforce.ibmcloud.com/vulnerabilities/20246