CVE-2010-1463 Information

Description

Multiple SQL injection vulnerabilities in WebAsyst Shop-Script FREE allow attackers to execute arbitrary SQL commands via the (1) add2cart (2) c_id (3) categoryID (4) list_price (5) name (6) new_offer (7) price (8) product_code (9) productID (10) rating and (11) save_product parameters.

Reference

http://www.securityfocus.com/archive/1/510741/100/0/threaded http://www.vupen.com/english/advisories/2010/0882 http://www.vupen.com/english/research-web.php