CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 2CVE-2006-6207 – Evolve Shopping Cart - 'products.asp' SQL Injection
https://notcve.org/view.php?id=CVE-2006-6207
SQL injection vulnerability in products.asp in Evolve shopping cart (aka Evolve Merchant) allows remote attackers to execute arbitrary SQL commands via the partno parameter. NOTE: the vendor disputes this issue, stating that it is a forced SQL error ** IMPUGNADA ** Vulnerabilidad de inyección SQL en products.asp de Evolve shopping cart (también conocido como Evolve Merchant) permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro partno. NOTA: el vendedor impugna este asunto, indicando que es un error forzado de SQL. • https://www.exploit-db.com/exploits/29197 http://securityreason.com/securityalert/1933 http://www.securityfocus.com/archive/1/452706/100/0/threaded http://www.securityfocus.com/archive/1/453549/100/0/threaded http://www.securityfocus.com/bid/21323 https://exchange.xforce.ibmcloud.com/vulnerabilities/30540 •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2006-5953
https://notcve.org/view.php?id=CVE-2006-5953
SQL injection vulnerability in viewcart.asp in Evolve shopping cart (aka Evolve Merchant) allows remote attackers to execute arbitrary SQL commands via the zoneid parameter. Vulnerabilidad de inyección SQL en viewcart.asp en Evolve shopping cart (también conocido como Evolve Merchant) permite a un atacante remoto ejecutar comandos SQL a través del parámetro zoneid. • http://s-a-p.ca/index.php?page=OurAdvisories&id=28 http://secunia.com/advisories/22912 http://www.securityfocus.com/archive/1/451549/100/100/threaded http://www.securityfocus.com/archive/1/453549/100/0/threaded http://www.securityfocus.com/bid/21070/info http://www.vupen.com/english/advisories/2006/4530 https://exchange.xforce.ibmcloud.com/vulnerabilities/30272 •