2 matches found
CVE-2003-0557
CVE-2003-0557 describes an SQL injection vulnerability in login.asp for StoreFront 6.0 (and possibly earlier versions). The issue allows remote attackers to obtain sensitive user information via SQL statements in the password field. Per NVD metrics, the base score is 7.5 (HIGH) with network acces...
CVE-2008-1341
CVE-2008-1341 describes a SQL injection in the LaGarde StoreFront 6 product prior to SP8, exploitable via the CategoryId parameter in SearchResults.aspx. The vulnerability allows remote attackers to execute arbitrary SQL commands, with the impact described as partial confidentiality/integrity/ava...