Evolve Merchant Viewcart.ASP SQL Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/21070/info Evolve Merchant is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to...

PT-2006-6618 · Evolve · Evolve Shopping Cart

Name of the Vulnerable Software and Affected Versions: Evolve shopping cart affected versions not specified Description: The issue allows remote attackers to execute arbitrary SQL commands via the zoneid parameter in the "viewcart.asp" file. This enables attackers to manipulate the database by...

CVE-2006-5953

The CVE-2006-5953 issue is an SQL injection in Evolve shopping cart's viewcart.asp, exploitable through the zoneid parameter to execute arbitrary SQL commands. Documented in multiple sources (NVD, CVE lists, PT-2006-6618) confirms the vulnerability and its remote nature but provides no concrete d...

CVE-2005-2427

CVE-2005-2427 describes a cross-site scripting (XSS) vulnerability in CartWIZ’s viewCart.asp, exploitable via the message parameter to inject arbitrary script/HTML. The connected documents confirm the affected component (viewCart.asp) and the vulnerability class (XSS) but do not provide product v...

CVE-2004-0348

CVE-2004-0348 pertains to SpiderSales Shopping Cart software, affecting the viewCart.asp component. The root cause is an SQL injection via the userId parameter, enabling a remote attacker to execute arbitrary SQL statements with full impact on confidentiality, integrity, and availability (CVSS v2...