SQL injection vulnerability in default.asp in ASP Product Catalog allows remote attackers to execute arbitrary SQL commands via the cid parameter, a different vector than CVE-2007-5220.
https://exchange.xforce.ibmcloud.com/vulnerabilities/52433
https://exchange.xforce.ibmcloud.com/vulnerabilities/36894