CVE-2007-4762

E-smart Cart - SQL Injection

Title source: rule

Description

Multiple SQL injection vulnerabilities in embadmin/login.asp in E-SMARTCART 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) user and (2) pass fields, different vectors than CVE-2007-0092.

Exploits (1)

exploitdb WORKING POC VERIFIED

by SmOk3 · textwebappsasp

https://www.exploit-db.com/exploits/30564

View Code ZIP pw:eip

References (6)

Core 6

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/39988

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/487055/100/200/threaded

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://osvdb.org/38419

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/27452

Exploit vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/25532

Various Sources x_refsource_misc

http://14house.blogspot.com/2007/09/e-smart-cart-sql-injection.html

Scores

EPSS 0.0070

EPSS Percentile 72.2%

Details

CWE

CWE-89

Status published

Products (1)

e-smart_cart/e-smart_cart 1.0

Published Sep 08, 2007

Tracked Since Feb 18, 2026