CVE-2006-6209
N/A
N/A
Summary
Multiple SQL injection vulnerabilities in MidiCart ASP Shopping Cart and ASP Plus Shopping Cart allow remote attackers to execute arbitrary SQL commands via the (1) id2006quant parameter to (a) item_show.asp, or the (2) maingroup or (3) secondgroup parameter to (b) item_list.asp. NOTE: the code_no parameter to Item_Show.asp is covered by CVE-2005-2601.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- http://www.aria-security.com/forum/showthread.php?t=42
- http://securityreason.com/securityalert/1947
- http://www.securityfocus.com/archive/1/452557/100/0/threaded
- http://www.securityfocus.com/archive/1/452573/100/0/threaded
- https://exchange.xforce.ibmcloud.com/vulnerabilities/30506
- http://www.securityfocus.com/bid/21273
References
- http://www.aria-security.com/forum/showthread.php?t=42
- http://securityreason.com/securityalert/1947
- http://www.securityfocus.com/archive/1/452557/100/0/threaded
- http://www.securityfocus.com/archive/1/452573/100/0/threaded
- https://exchange.xforce.ibmcloud.com/vulnerabilities/30506
- http://www.securityfocus.com/bid/21273
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.