vendor: CartWeaver
by: meoconx[at]vnbrain.net
CVSS: 7.5 (HIGH)
Vulnerability type: SQL Injection
CWE: 89
Product Name: CartWeaver
Affected Version From: Unknown
Affected Version To: Unknown
Patch Exists: NO
Related CWE:
CPE:
Platforms Tested: Unknown
Year: 2007
CartWeaver SQL Injection Vulnerability
CartWeaver is vulnerable to SQL injection in the Details.cfm page through the ProdID parameter. The value of ProdID is placed into a database query without validation or parameter binding, so an attacker who supplies a crafted ProdID value can alter the query and execute arbitrary SQL statements against the application's database. This can lead to unauthorized access, disclosure of sensitive information, and potential compromise of the application and its data.
Mitigation:
No vendor patch is known for this issue. To mitigate it, validate the ProdID parameter as the numeric product identifier it is expected to be and pass it to the database through a parameterized query (in ColdFusion, a cfqueryparam tag with the matching cfsqltype inside the cfquery) rather than concatenating it into the SQL text. The same treatment should be applied to every other request parameter that reaches a query. The vendor should release a patch or update that addresses this vulnerability.
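The following is an added worked example, not code from CartWeaver or from the advisory author. It rebuilds the pattern behind the Details.cfm finding in Python against an in-memory SQLite table of constructed sample products: a lookup that concatenates the ProdID parameter into SQL text, the payloads that turn it into a full table dump and a cross-table read, and the validated, parameterized form that stops both. The table names, column names and the admin_users table are assumptions made for the demonstration.

```python
"""Added example: SQL injection through a product-id parameter, vulnerable
and hardened forms side by side. Not CartWeaver code; the schema is invented."""
import re
import sqlite3


def make_db():
    """Constructed sample database standing in for the shop's backend."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE products (ProdID INTEGER PRIMARY KEY, Name TEXT, Price REAL)"
    )
    conn.executemany(
        "INSERT INTO products VALUES (?, ?, ?)",
        [(1, "Widget", 9.99), (2, "Gadget", 19.99), (3, "Gizmo", 29.99)],
    )
    # Hypothetical table a public product page must never expose.
    conn.execute("CREATE TABLE admin_users (Username TEXT, PasswordHash TEXT)")
    conn.execute("INSERT INTO admin_users VALUES ('admin', 'deadbeef')")
    return conn


def details_vulnerable(conn, prod_id):
    """The advisory's pattern: the request parameter is pasted into SQL text,
    so the database cannot tell the attacker's SQL from the developer's."""
    sql = "SELECT ProdID, Name, Price FROM products WHERE ProdID = " + prod_id
    return conn.execute(sql).fetchall()


def details_fixed(conn, prod_id):
    """Hardened form: reject anything that is not a plain decimal integer,
    then bind the value as a parameter so it is only ever treated as data."""
    if not re.fullmatch(r"[0-9]+", prod_id):
        raise ValueError("ProdID must be a positive integer")
    return conn.execute(
        "SELECT ProdID, Name, Price FROM products WHERE ProdID = ?",
        (int(prod_id),),
    ).fetchall()


# Constructed payloads an attacker could put in the ProdID query parameter.
DUMP_ALL = "1 OR 1=1"
CROSS_TABLE = "1 UNION SELECT 0, Username, PasswordHash FROM admin_users"


def exposed_credentials(rows):
    """Return the (name, price) pairs that are really admin credentials
    smuggled out through the product columns of a UNION injection."""
    return {(r[1], r[2]) for r in rows if r[0] == 0}


if __name__ == "__main__":
    db = make_db()
    print("normal:      ", details_vulnerable(db, "1"))
    print("OR 1=1:      ", details_vulnerable(db, DUMP_ALL))
    print("UNION:       ", exposed_credentials(details_vulnerable(db, CROSS_TABLE)))
    print("fixed, valid:", details_fixed(db, "2"))
    try:
        details_fixed(db, DUMP_ALL)
    except ValueError as err:
        print("fixed, bad:  ", err)
```

In ColdFusion the binding step of details_fixed corresponds to wrapping the value in `<cfqueryparam cfsqltype="cf_sql_integer">` inside the cfquery instead of interpolating `#url.ProdID#` directly into the query string; the type check on cfsqltype rejects non-numeric input before the query is sent, and the driver binds the value rather than splicing it into SQL text.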