CVE-2006-6074 - Untutored Tonguethrust
Description
Multiple SQL injection vulnerabilities in Enthrallweb eShopping Cart allow remote attackers to execute arbitrary SQL commands via (1) the ProductID parameter in (a) reviews.asp or the (2) cat_id or (3) sub_id parameter in (b) subProducts.asp. NOTE: the productdetail.asp vector is already covered by another identifier.
Reference
http://s-a-p.ca/index.php?page=OurAdvisories&id=21 http://www.securityfocus.com/bid/21151 http://secunia.com/advisories/22955 http://securityreason.com/securityalert/1906 http://www.vupen.com/english/advisories/2006/4578 http://www.securityfocus.com/archive/1/451840/100/0/threaded