Vulnonym.com

CVE-2006-6074 - Untutored Tonguethrust

Description

Multiple SQL injection vulnerabilities in Enthrallweb eShopping Cart allow remote attackers to execute arbitrary SQL commands via (1) the ProductID parameter in (a) reviews.asp or the (2) cat_id or (3) sub_id parameter in (b) subProducts.asp. NOTE: the productdetail.asp vector is already covered by another identifier.

Reference

http://s-a-p.ca/index.php?page=OurAdvisories&id=21 http://www.securityfocus.com/bid/21151 http://secunia.com/advisories/22955 http://securityreason.com/securityalert/1906 http://www.vupen.com/english/advisories/2006/4578 http://www.securityfocus.com/archive/1/451840/100/0/threaded