CVE-2007-0142
CVE-2007-0142 describes a SQL injection in orange.asp of ShopStoreNow E-commerce Shopping Cart, exploitable via the CatID parameter. The vulnerability allows remote attackers to execute arbitrary SQL commands. The NVD entry lists base metrics: AV:N/AC:L/Au:N/C:P/I:P/A:P, base score 7.5 (HIGH). Th...