Description
Multiple SQL injection vulnerabilities in ProductCart Ecommerce before 2.7 allow remote attackers to execute arbitrary SQL commands via the (1) idcategory parameter to viewPrd.asp, (2) lid parameter to editCategories.asp, (3) icd parameter to modCustomCardPaymentOpt.asp, or (4) idccr parameter to OptionFieldsEdit.asp.
Exploits (4)
exploitdb
WRITEUP
VERIFIED
by Dedi Dwianto · text · webapps · asp
https://www.exploit-db.com/exploits/25795
exploitdb
WRITEUP
VERIFIED
by Dedi Dwianto · text · webapps · asp
https://www.exploit-db.com/exploits/25798
exploitdb
WRITEUP
VERIFIED
by Dedi Dwianto · text · webapps · asp
https://www.exploit-db.com/exploits/25797
exploitdb
WRITEUP
VERIFIED
by Dedi Dwianto · text · webapps · asp
https://www.exploit-db.com/exploits/25796
References (2)
Core References
Exploit vdb-entry
x_refsource_sectrack
http://securitytracker.com/id?1014129
Exploit x_refsource_misc
http://echo.or.id/adv/adv16-theday-2005.txt
Scores
EPSS
0.0078
EPSS Percentile
73.8%
Details
Status
published
Products (1)
early_impact/productcart_ecommerce
< 2.7
Published
Jun 16, 2005
Tracked Since
Feb 18, 2026