CVE-2005-1291

critical

Description

Multiple SQL injection vulnerabilities in CartWIZ ASP Cart allow remote attackers to execute arbitrary SQL commands via the idProduct parameter to (1) addToCart.asp or (2) productDetails.asp, the (3) priceFrom, (4) idCategory, or (5) priceTo parameter to searchResults.asp, or (6) the idParentCategory parameter to productCatalogSubCats.asp.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/20246

http://www.osvdb.org/15774

http://www.osvdb.org/15773

http://www.osvdb.org/15772

http://www.osvdb.org/15771

http://secunia.com/advisories/15055

http://marc.info/?l=bugtraq&m=111428393022389&w=2

Details

Source: Mitre, NVD

Published: 2005-04-23

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.01139