7.5
CVE-2006-6209
- EPSS 1.34%
- Veröffentlicht 01.12.2006 01:28:00
- Zuletzt bearbeitet 16.06.2026 22:32:41
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginMultiple SQL injection vulnerabilities in MidiCart ASP Shopping Cart and ASP Plus Shopping Cart allow remote attackers to execute arbitrary SQL commands via the (1) id2006quant parameter to (a) item_show.asp, or the (2) maingroup or (3) secondgroup parameter to (b) item_list.asp. NOTE: the code_no parameter to Item_Show.asp is covered by CVE-2005-2601.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.34% | 0.676 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 10 | 6.4 |
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
http://securityreason.com/securityalert/1947
http://www.aria-security.com/forum/showthread.php?t=42
http://www.securityfocus.com/archive/1/452557/100/0/threaded
http://www.securityfocus.com/archive/1/452573/100/0/threaded
http://www.securityfocus.com/bid/21273
https://exchange.xforce.ibmcloud.com/vulnerabilities/30506