Vulnerabilities > CVE-2006-6074 - Unspecified vulnerability in Enthrallweb Eshopping Cart
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
Multiple SQL injection vulnerabilities in Enthrallweb eShopping Cart allow remote attackers to execute arbitrary SQL commands via (1) the ProductID parameter in (a) reviews.asp, or the (2) cat_id or (3) sub_id parameter in (b) subProducts.asp. NOTE: the productdetail.asp vector is already covered by another identifier.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
References
- http://s-a-p.ca/index.php?page=OurAdvisories&id=21
- http://s-a-p.ca/index.php?page=OurAdvisories&id=21
- http://secunia.com/advisories/22955
- http://secunia.com/advisories/22955
- http://securityreason.com/securityalert/1906
- http://securityreason.com/securityalert/1906
- http://www.securityfocus.com/archive/1/451840/100/0/threaded
- http://www.securityfocus.com/archive/1/451840/100/0/threaded
- http://www.securityfocus.com/bid/21151
- http://www.securityfocus.com/bid/21151
- http://www.vupen.com/english/advisories/2006/4578
- http://www.vupen.com/english/advisories/2006/4578