CVE-2006-2164 - Unspecified vulnerability in Pentasoft Corp. Avactis Shopping Cart
Attack vector: UNKNOWN
Attack complexity: UNKNOWN
Privileges required: UNKNOWN
Confidentiality impact: UNKNOWN
Integrity impact: UNKNOWN
Availability impact: UNKNOWN
Summary
Multiple SQL injection vulnerabilities in Avactis Shopping Cart 0.1.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) category_id parameter in (a) store_special_offers.php and (b) store.php, and (2) prod_id parameter in (c) cart.php and (d) product_info.php. NOTE: this issue also produces resultant full path disclosure from invalid SQL queries.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 1 |
References
- http://pridels0.blogspot.com/2006/05/avactis-shopping-cart-vuln.html
- http://www.osvdb.org/25637
- http://www.osvdb.org/25638
- http://www.osvdb.org/25639
- http://www.osvdb.org/25640
- https://exchange.xforce.ibmcloud.com/vulnerabilities/26178