Multiple SQL injection vulnerabilities in VP-ASP Shopping Cart 4.0 through 5.0 allow remote attackers to execute arbitrary SQL commands via the catalogid parameter in (1) shopreviewlist.asp and (2) shopreviewadd.asp.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Vp-asp | Virtual_programming | 4.0 (including) | 4.0 (including) |
Vp-asp | Virtual_programming | 4.50 (including) | 4.50 (including) |
Vp-asp | Virtual_programming | 5.0 (including) | 5.0 (including) |