虚拟Programming VP-ASP Shopproductselect脚本SQL注入漏洞

漏洞信息详情

虚拟Programming VP-ASP Shopproductselect脚本SQL注入漏洞

• CNNVD编号：CNNVD-200412-557
• 危害等级： 高危
  
  
• CVE编号：
  CVE-2004-2413
  
• 漏洞类型：
  
  
  SQL注入
  
• 发布时间：
  
  2004-12-31
  
• 威胁类型：
  
  
  远程
  
• 更新时间：
  
  2005-10-20
  
• 厂        商：
  
  virtual_programming
• 漏洞来源：
  .’);”>This issue was rep…

VP-ASP Shopping Cart 4.0至5.0版本存在SQL注入漏洞。远程攻击者可以借助shopproductselect.asp的POST请求的（1）Processed0和（2）Processed1参数执行任意SQL命令。

The vendor has released fixes to address this issue. It is reported that the fixes are applied to VP-ASP 5.0 as of February 2004. Please contact the vendor for more information.

来源: XF
名称: vpasp-shopproductselect-sql-injection(16400)
链接:http://xforce.iss.net/xforce/xfdb/16400

来源: BID
名称: 10536
链接:http://www.securityfocus.com/bid/10536

来源: FULLDISC
名称: 20040613 VP-ASP Shopping Cart Multiple Vulnerabilities
链接:http://archives.neohapsis.com/archives/fulldisclosure/2004-06/0363.html