Multiple SQL injection vulnerabilities in SitesOutlet E-commerce Kit-1 PayPal Edition allow remote attackers to execute arbitrary SQL commands via the (1) keyword or (2) cid parameter in (a) catalogue.asp, or the (3) pid parameter in (b) viewDetail.asp.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| E-commerce_kit-1 | Sitesoutlet | paypal_edition (including) | paypal_edition (including) |
References
- http://secunia.com/advisories/22975
- http://securityreason.com/securityalert/1900
- http://www.securityfocus.com/archive/1/451771/100/0/threaded
- http://www.securityfocus.com/bid/21056
- http://www.vupen.com/english/advisories/2006/4571
- http://secunia.com/advisories/22975
- http://securityreason.com/securityalert/1900
- http://www.securityfocus.com/archive/1/451771/100/0/threaded
- http://www.securityfocus.com/bid/21056
- http://www.vupen.com/english/advisories/2006/4571