CVE-2006-6209
Midicart Software Midicart Asp Plus Shopping Cart - SQL Injection
Title source: ruleDescription
Multiple SQL injection vulnerabilities in MidiCart ASP Shopping Cart and ASP Plus Shopping Cart allow remote attackers to execute arbitrary SQL commands via the (1) id2006quant parameter to (a) item_show.asp, or the (2) maingroup or (3) secondgroup parameter to (b) item_list.asp. NOTE: the code_no parameter to Item_Show.asp is covered by CVE-2005-2601.
Exploits (1)
exploitdb
WRITEUP
VERIFIED
by Aria-Security Team · textwebappsasp
https://www.exploit-db.com/exploits/29174
References (6)
Core 6
Core References
Exploit x_refsource_misc
http://www.aria-security.com/forum/showthread.php?t=42
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/30506
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/21273
Third Party Advisory third-party-advisory
x_refsource_sreason
http://securityreason.com/securityalert/1947
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/452557/100/0/threaded
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/452573/100/0/threaded
Scores
EPSS
0.0087
EPSS Percentile
75.3%
Details
Status
published
Products (2)
midicart_software/midicart_asp_plus_shopping_cart
midicart_software/midicart_asp_shopping_cart
Published
Dec 01, 2006
Tracked Since
Feb 18, 2026