ID CVE-2006-6209
Summary Multiple SQL injection vulnerabilities in MidiCart ASP Shopping Cart and ASP Plus Shopping Cart allow remote attackers to execute arbitrary SQL commands via the (1) id2006quant parameter to (a) item_show.asp, or the (2) maingroup or (3) secondgroup parameter to (b) item_list.asp. NOTE: the code_no parameter to Item_Show.asp is covered by CVE-2005-2601.
References
Vulnerable Configurations
  • cpe:2.3:a:midicart_software:midicart_asp_plus_shopping_cart:*:*:*:*:*:*:*:*
  • cpe:2.3:a:midicart_software:midicart_asp_shopping_cart:*:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 17-10-2018 - 21:47)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
Vector: NETWORK
Complexity: LOW
Authentication: NONE
Impact
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
refmap via4
bid 21273
bugtraq
  • 20061124 [Aria-Security Team] MidiCart ASP Plus Shopping Cart SQL Injection
  • 20061124 [Aria-Security Team] MidiCart ASP Shopping Cart SQL Injection
misc http://www.aria-security.com/forum/showthread.php?t=42
sreason 1947
xf midicart-itemshow-sql-injection(30506)
Last major update 17-10-2018 - 21:47
Published 01-12-2006 - 01:28
Last modified 17-10-2018 - 21:47