Vulnerability Description
Multiple SQL injection vulnerabilities in CartWIZ ASP Cart allow remote attackers to execute arbitrary SQL commands via the idProduct parameter to (1) addToCart.asp or (2) productDetails.asp, the (3) priceFrom, (4) idCategory, or (5) priceTo parameter to searchResults.asp, or (6) the idParentCategory parameter to productCatalogSubCats.asp.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cartwiz | Asp Cart | All versions |
References
- http://marc.info/?l=bugtraq&m=111428393022389&w=2
- http://secunia.com/advisories/15055
- http://securitytracker.com/id?1013792Exploit
- http://www.osvdb.org/15771
- http://www.osvdb.org/15772
- http://www.osvdb.org/15773
- http://www.osvdb.org/15774
- https://exchange.xforce.ibmcloud.com/vulnerabilities/20246
- http://marc.info/?l=bugtraq&m=111428393022389&w=2
- http://secunia.com/advisories/15055
- http://securitytracker.com/id?1013792Exploit
- http://www.osvdb.org/15771
- http://www.osvdb.org/15772
- http://www.osvdb.org/15773
- http://www.osvdb.org/15774
FAQ
What is CVE-2005-1291?
CVE-2005-1291 is a vulnerability with a CVSS score of 7.5 (HIGH). Multiple SQL injection vulnerabilities in CartWIZ ASP Cart allow remote attackers to execute arbitrary SQL commands via the idProduct parameter to (1) addToCart.asp or (2) productDetails.asp, the (3) ...
How severe is CVE-2005-1291?
CVE-2005-1291 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2005-1291?
Check the references section above for vendor advisories and patch information. Affected products include: Cartwiz Asp Cart.