virtual programming vp-asp 5.0 vulnerabilities and exploits

(subscribe to this query)

4.3

CVSSv2

The CleanseMessage function in shop$db.asp for VP-ASP Shopping Cart 4.0 up to and including 5.0 does not sufficiently cleanse inputs, which allows remote malicious users to conduct cross-site scripting (XSS) attacks that do not use <script> tags, as demonstrated via javascr...

Virtual Programming Vp-asp 4.0 Virtual Programming Vp-asp 4.50 Virtual Programming Vp-asp 5.0

1 EDB exploit

7.5

CVSSv2

SQL injection vulnerability in VP-ASP Shopping Cart 4.0 up to and including 5.0 allows remote malicious users to execute arbitrary SQL commands via the (1) Processed0 and (2) Processed1 parameters in a POST request to shopproductselect.asp.

Virtual Programming Vp-asp 4.0 Virtual Programming Vp-asp 4.50 Virtual Programming Vp-asp 5.0

1 EDB exploit

7.5

CVSSv2

Multiple SQL injection vulnerabilities in VP-ASP Shopping Cart 4.0 up to and including 5.0 allow remote malicious users to execute arbitrary SQL commands via the catalogid parameter in (1) shopreviewlist.asp and (2) shopreviewadd.asp.

Virtual Programming Vp-asp 4.0 Virtual Programming Vp-asp 4.50 Virtual Programming Vp-asp 5.0

10

CVSSv2

SQL injection vulnerability in shopexd.asp for VP-ASP allows remote malicious users to gain administrator privileges via the id parameter.

Virtual Programming Vp-asp 5.0

2 EDB exploits

5

CVSSv2

shoprestoreorder.asp in VP-ASP 5.0 does not close the database connection when a user restores a previous order, which allows remote malicious users to cause a denial of service (connection consumption).

Virtual Programming Vp-asp 5.0

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook