CVE-2007-5261

Iscripts Multicart - SQL Injection

Title source: rule

Description

Multiple SQL injection vulnerabilities in MultiCart 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) catid parameter to categorydetail.php and the (2) ddlCategory parameter to search.php.

Exploits (1)

exploitdb WORKING POC VERIFIED
by k1tk4t · perl · webapps · php
https://www.exploit-db.com/exploits/4480

Scores

EPSS 0.0031
EPSS Percentile 54.2%

Details

CWE
CWE-89
Status published
Products (1)
iscripts/multicart 1.0
Published Oct 06, 2007
Tracked Since Feb 18, 2026