CVE-2004-2412

Description

Multiple SQL injection vulnerabilities in VP-ASP Shopping Cart 4.0 through 5.0 allow remote attackers to execute arbitrary SQL commands via the catalogid parameter in (1) shopreviewlist.asp and (2) shopreviewadd.asp.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/15588

http://www.vpasp.com/virtprog/info/faq_securityfixes.htm

http://www.securityfocus.com/bid/9967

http://secunia.com/advisories/11201

Details

Source: Mitre, NVD

Risk Information

CVSS v2

CVSS v3

EPSS