CVE-2005-2206 Information

Description

Multiple SQL injection vulnerabilities in CartWIZ allow remote attackers to modify SQL statements via the (1) idProduct parameter to tellAFriend.asp (2) sortType parameter to viewSupportTickets.asp or the id parameter to (3) updateCreditCards.asp or (4) deleteCreditCards.asp.

Reference

http://digitalparadox.org/viewadvisories.ah?view=42 http://securitytracker.com/id?1014418