CVE-2004-2412 - Ascendable Dividers

Description

Multiple SQL injection vulnerabilities in VP-ASP Shopping Cart 4.0 through 5.0 allow remote attackers to execute arbitrary SQL commands via the catalogid parameter in (1) shopreviewlist.asp and (2) shopreviewadd.asp.

Reference

http://www.vpasp.com/virtprog/info/faq_securityfixes.htm http://www.securityfocus.com/bid/9967 http://secunia.com/advisories/11201 https://exchange.xforce.ibmcloud.com/vulnerabilities/15588