Published: 13/06/2008 Updated: 29/09/2017

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

VMScore: 760

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

SQL injection vulnerability in pilot.asp in ASPilot Pilot Cart 7.3 allows remote malicious users to execute arbitrary SQL commands via the article parameter in a kb action.

Vulnerable Product	Search on Vulmon	Subscribe to Product
pilotcart pilot cart 7.3

ASPilot Pilot Cart version 73 suffers from cross site scripting, remote SQL injection, iframe injection and link injection vulnerabilities ...

# Title: [ASPilot Pilot Cart 73 multiple vulnerabilities] # Date: [07112010] # Author: [Ariko-Security] # Software Link: [wwwpilotcartcom] # Version: [73] # CVE Reference: CVE-2008-2688 (only 1 SQL injection) # EDB-ID: 5765 (only 1 SQL injection) # Ariko-Security: Security Audits , Audyt bezpieczeństwa # Advisory: 745/2010 ====== ...

|-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=| | _ __ __ __ ______ | | /' \ __ /'__`\ /\ \__ /'__`\ /\ ___\ | | /\_, \ ___ /\_\/\_\L\ \ ___\ \ ,_\/\ \/\ \ _ __\ \ \__/ | | \/_/\ \ /' _ `\ \/\ \/_/_\_<_ /'___\ \ \/\ \ \ \ \/ ...

CWE-89 http://www.securityfocus.com/bid/29615 http://secunia.com/advisories/30176 https://exchange.xforce.ibmcloud.com/vulnerabilities/42946 https://www.exploit-db.com/exploits/5765 https://nvd.nist.gov https://packetstormsecurity.com/files/95618/ASPilot-Pilot-Cart-7.3-Cross-Site-Scripting-SQL-Injection.html https://www.exploit-db.com/exploits/15448/

CVE-2008-2688

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect