Vulnerability Description
SQL injection vulnerability in comersus_optReviewReadExec.asp in Comersus Shop Cart 7.07 allows remote attackers to execute arbitrary SQL commands via the idProduct parameter. NOTE: this might be the same as CVE-2005-2190.2.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Comersus Open Technologies | Comersus Cart | 7.07 |
References
- http://osvdb.org/36152
- http://securityreason.com/securityalert/2819
- http://www.securityfocus.com/archive/1/471837/100/0/threaded
- http://www.securityfocus.com/bid/24562Exploit
- https://exchange.xforce.ibmcloud.com/vulnerabilities/34953
- http://osvdb.org/36152
- http://securityreason.com/securityalert/2819
- http://www.securityfocus.com/archive/1/471837/100/0/threaded
- http://www.securityfocus.com/bid/24562Exploit
- https://exchange.xforce.ibmcloud.com/vulnerabilities/34953
FAQ
What is CVE-2007-3323?
CVE-2007-3323 is a vulnerability with a CVSS score of 7.5 (HIGH). SQL injection vulnerability in comersus_optReviewReadExec.asp in Comersus Shop Cart 7.07 allows remote attackers to execute arbitrary SQL commands via the idProduct parameter. NOTE: this might be the...
How severe is CVE-2007-3323?
CVE-2007-3323 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-3323?
Check the references section above for vendor advisories and patch information. Affected products include: Comersus Open Technologies Comersus Cart.