CVE-2006-6074 Information

Description

Multiple SQL injection vulnerabilities in Enthrallweb eShopping Cart allow remote attackers to execute arbitrary SQL commands via (1) the ProductID parameter in (a) reviews.asp or the (2) cat_id or (3) sub_id parameter in (b) subProducts.asp. NOTE: the productdetail.asp vector is already covered by another identifier.

Reference

http://s-a-p.ca/index.php?page=OurAdvisories&id=21 http://secunia.com/advisories/22955 http://securityreason.com/securityalert/1906 http://www.securityfocus.com/archive/1/451840/100/0/threaded http://www.securityfocus.com/bid/21151 http://www.vupen.com/english/advisories/2006/4578