
CVE-2005-4003

Published: 05/12/2005 Updated: 20/09/2008
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 760
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

Multiple SQL injection vulnerabilities in Absolute Shopping Package Solutions (ASPS) Shopping Cart Professional 2.9d and previous versions, and Lite 2.1 and previous versions, allow remote malicious users to execute arbitrary SQL commands via the (1) srch_product_name parameter to adv_search.asp and (2) b_search parameter to bsearch.asp. NOTE: the original disclosure was specifically only for an XSS issue, but the CVE description was for SQL injection. Since the original disclosure, SQL injection vectors have been reported. This CVE might be REJECTed or significantly altered pending additional information.

Vulnerable Product

asps shopping cart 2.9d

asps shopping cart 2.1

Exploits

source: www.securityfocus.com/bid/15694/info ASPS Shopping Cart is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage these issues to have arbitrary script code executed in the browser of an unsuspecting user in the ...