CVE-2005-2206

2005-07-1104:00:00

mitre

www.cve.org

sql injection

cartwiz

remote attackers

modify sql statements

idproduct parameter

sorttype parameter

viewsupporttickets.asp

updatecreditcards.asp

deletecreditcards.asp

AI Score

7.8

Confidence

Low

EPSS

0.002

Percentile

56.8%

JSON

Multiple SQL injection vulnerabilities in CartWIZ allow remote attackers to modify SQL statements via the (1) idProduct parameter to tellAFriend.asp, (2) sortType parameter to viewSupportTickets.asp, or the id parameter to (3) updateCreditCards.asp or (4) deleteCreditCards.asp.

References

digitalparadox.org/viewadvisories.ah?view=42

securitytracker.com/id?1014418