Multiple SQL injection vulnerabilities in OneWorldStore allow remote attackers to execute arbitrary SQL commands via the idProduct parameter to (1) owAddItem.asp or (2) owProductDetail.asp, (3) idCategory parameter to owListProduct.asp, or (4) bSpecials parameter to owListProduct.asp.
marc.info/?l=bugtraq&m=111352017704126&w=2
secunia.com/advisories/14969
securitytracker.com/id?1013720
www.oneworldstore.com/support_security_issue_updates.asp#April_15_2005_DCrab
www.osvdb.org/15518
www.osvdb.org/15519
www.osvdb.org/15520
www.securityfocus.com/bid/13181
www.securityfocus.com/bid/13182
www.securityfocus.com/bid/13183
exchange.xforce.ibmcloud.com/vulnerabilities/20097