Skip to main content

CVE-2004-2412

Severity High
Score 7.5/10

Summary

Multiple SQL injection vulnerabilities in VP-ASP Shopping Cart 4.0 through 5.0 allow remote attackers to execute arbitrary SQL commands via the catalogid parameter in (1) shopreviewlist.asp and (2) shopreviewadd.asp.

  • LOW
  • NETWORK
  • NONE
  • PARTIAL
  • PARTIAL
  • PARTIAL

References

Advisory Timeline

  • Published