Vulnerabilities > CVE-2006-6209 - Unspecified vulnerability in Midicart Software products
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN midicart-software
exploit available
Summary
Multiple SQL injection vulnerabilities in MidiCart ASP Shopping Cart and ASP Plus Shopping Cart allow remote attackers to execute arbitrary SQL commands via the (1) id2006quant parameter to (a) item_show.asp, or the (2) maingroup or (3) secondgroup parameter to (b) item_list.asp. NOTE: the code_no parameter to Item_Show.asp is covered by CVE-2005-2601.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 2 |
Exploit-Db
| description | MidiCart ASP Item_Show.ASP ID2006quant Parameter SQL Injection Vulnerability. CVE-2006-6209. Webapps exploit for asp platform |
| id | EDB-ID:29174 |
| last seen | 2016-02-03 |
| modified | 2006-11-24 |
| published | 2006-11-24 |
| reporter | Aria-Security Team |
| source | https://www.exploit-db.com/download/29174/ |
| title | MidiCart ASP Item_Show.ASP ID2006quant Parameter SQL Injection Vulnerability |
References
- http://securityreason.com/securityalert/1947
- http://securityreason.com/securityalert/1947
- http://www.aria-security.com/forum/showthread.php?t=42
- http://www.aria-security.com/forum/showthread.php?t=42
- http://www.securityfocus.com/archive/1/452557/100/0/threaded
- http://www.securityfocus.com/archive/1/452557/100/0/threaded
- http://www.securityfocus.com/archive/1/452573/100/0/threaded
- http://www.securityfocus.com/archive/1/452573/100/0/threaded
- http://www.securityfocus.com/bid/21273
- http://www.securityfocus.com/bid/21273
- https://exchange.xforce.ibmcloud.com/vulnerabilities/30506
- https://exchange.xforce.ibmcloud.com/vulnerabilities/30506