2 matches found
Sql injection
Multiple SQL injection vulnerabilities in ASPilot Pilot Cart 7.3 allow remote attackers to execute arbitrary SQL commands via the 1 article parameter to kb.asp, 2 specific parameter to cart.asp, 3 countrycode parameter to contact.asp, and the 4 srch parameter to search.asp. NOTE: the article...
CVE-2008-2688
ASPilot Pilot Cart 7.3 is affected by SQL injection via the article parameter (pilot.asp and kb.asp) that is used in SQL queries without proper sanitization, enabling remote arbitrary SQL execution. This CVE (CVE-2008-2688) covers the article parameter; related entries confirm the same issue acro...