Description
Multiple SQL injection vulnerabilities in INFINICART allow remote attackers to execute arbitrary SQL commands via the (1) groupid parameter in (a) browse_group.asp, (2) productid parameter in (b) added_to_cart.asp, and (3) catid and (4) subid parameter in (c) browsesubcat.asp. NOTE: the vendor has disputed this report, saying "The vulnerabilities mentioned were never present in our official released products but only in the unofficial demo version. However we do appreciate the information. We have update our demo version and made sure all those vulnerabilities are fixed.
Exploits (3)
exploitdb
WRITEUP
VERIFIED
by laurent gaffie · textwebappsasp
https://www.exploit-db.com/exploits/28992
exploitdb
WRITEUP
VERIFIED
by laurent gaffie · textwebappsasp
https://www.exploit-db.com/exploits/28994
exploitdb
WRITEUP
VERIFIED
by laurent gaffie · textwebappsasp
https://www.exploit-db.com/exploits/28993
References (6)
Core 6
Core References
Vendor Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2006/4501
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/22865
Third Party Advisory mailing-list
x_refsource_vim
http://www.attrition.org/pipermail/vim/2006-December/001162.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/21043
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/451322/100/0/threaded
Third Party Advisory third-party-advisory
x_refsource_sreason
http://securityreason.com/securityalert/1881
Scores
EPSS
0.0366
EPSS Percentile
87.9%
Details
CWE
CWE-89
Status
published
Products (1)
infinicart/infinicart
Published
Nov 17, 2006
Tracked Since
Feb 18, 2026