Vulnerabilities > CVE-2006-6209 - SQL Injection vulnerability in Midicart Software products
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Multiple SQL injection vulnerabilities in MidiCart ASP Shopping Cart and ASP Plus Shopping Cart allow remote attackers to execute arbitrary SQL commands via the (1) id2006quant parameter to (a) item_show.asp, or the (2) maingroup or (3) secondgroup parameter to (b) item_list.asp. NOTE: the code_no parameter to Item_Show.asp is covered by CVE-2005-2601.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 2 |
Exploit-Db
| description | MidiCart ASP Item_Show.ASP ID2006quant Parameter SQL Injection Vulnerability. CVE-2006-6209. Webapps exploit for asp platform |
| id | EDB-ID:29174 |
| last seen | 2016-02-03 |
| modified | 2006-11-24 |
| published | 2006-11-24 |
| reporter | Aria-Security Team |
| source | https://www.exploit-db.com/download/29174/ |
| title | MidiCart ASP Item_Show.ASP ID2006quant Parameter SQL Injection Vulnerability |
References
- http://securityreason.com/securityalert/1947
- http://www.aria-security.com/forum/showthread.php?t=42
- http://www.securityfocus.com/archive/1/452557/100/0/threaded
- http://www.securityfocus.com/archive/1/452573/100/0/threaded
- http://www.securityfocus.com/bid/21273
- https://exchange.xforce.ibmcloud.com/vulnerabilities/30506