2 matches found
CVE-2006-6074
The CVE-2006-6074 entry concerns Enthrallweb eShopping Cart with multiple SQL injection vulnerabilities. The connected PT-2006-6719 document specifies the vulnerable vectors: user-supplied input in ProductID for reviews.asp, and in cat_id/sub_id for subProducts.asp. The root cause is unsanitized ...
CVE-2006-6073
The CVE-2006-6073 entry describes multiple SQL injection vulnerabilities in Enthrallweb eShopping Cart. The affected components are the productdetail.asp (ProductID parameter) and products.asp (categoryid parameter). The root cause is improper handling of user-supplied input leading to arbitrary ...