Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Multiple SQL injection vulnerabilities in INFINICART allow remote attackers to execute arbitrary SQL commands via the (1) groupid parameter in (a) browse_group.asp, (2) productid parameter in (b) added_to_cart.asp, and (3) catid and (4) subid parameter in (c) browsesubcat.asp. NOTE: the vendor has disputed this report, saying "The vulnerabilities mentioned were never present in our official released products but only in the unofficial demo version. However we do appreciate the information. We have update our demo version and made sure all those vulnerabilities are fixed.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
INFINICART 多个SQL注入漏洞
Vulnerability Description
** 争议 ** INFINICART中存在多个SQL注入漏洞, 远程攻击者可通过在(a)browse_group.asp内的(1)groupid参数,在(b)added_to_cart.asp内的(2)productid参数和在(c)browsesubcat.asp内的(3)catid和(4)subid参数。注:厂商对此报告有争议,指出"所提的漏洞在我们的官方发布产品中不存在,但只在非官方的演示版本中出现。然而,我们还是感谢此信息。我们已经更新了演示版并确保所有漏洞都修复。"
CVSS Information
N/A
Vulnerability Type
N/A