Description
Multiple SQL injection vulnerabilities in ASPilot Pilot Cart 7.3 allow remote attackers to execute arbitrary SQL commands via the (1) article parameter to kb.asp, (2) specific parameter to cart.asp, (3) countrycode parameter to contact.asp, and the (4) srch parameter to search.asp. NOTE: the article parameter to pilot.asp is already covered by CVE-2008-2688.
Exploits (1)
exploitdb
WRITEUP
VERIFIED
by Ariko-Security · textwebappsasp
https://www.exploit-db.com/exploits/15448
References (6)
Core 6
Core References
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/30176
Exploit, Third Party Advisory x_refsource_misc
http://packetstormsecurity.org/1011-exploits/aspilotpilotcart-sqlxssinject.txt
Exploit x_refsource_misc
http://advisories.ariko-security.com/november/audyt_bezpieczenstwa_745.html
Exploit exploit
x_refsource_exploit-db
http://www.exploit-db.com/exploits/15448
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/44698
Exploit mailing-list
x_refsource_fulldisc
http://marc.info/?l=full-disclosure&m=128913521908405&w=2
Scores
EPSS
0.0161
EPSS Percentile
81.8%
Details
CWE
CWE-89
Status
published
Products (1)
pilotcart/pilot_cart
7.3
Published
Dec 30, 2010
Tracked Since
Feb 18, 2026