CVE-2006-6209 Information

Description

Multiple SQL injection vulnerabilities in MidiCart ASP Shopping Cart and ASP Plus Shopping Cart allow remote attackers to execute arbitrary SQL commands via the (1) id2006quant parameter to (a) item_show.asp or the (2) maingroup or (3) secondgroup parameter to (b) item_list.asp. NOTE: the code_no parameter to Item_Show.asp is covered by CVE-2005-2601.

Reference

http://securityreason.com/securityalert/1947
http://www.aria-security.com/forum/showthread.php?t=42
http://www.securityfocus.com/archive/1/452557/100/0/threaded
http://www.securityfocus.com/archive/1/452573/100/0/threaded
http://www.securityfocus.com/bid/21273
https://exchange.xforce.ibmcloud.com/vulnerabilities/30506
