CVE

Id
26354  
CVE No.
CVE-2007-2997  
Status
Candidate  
Description
** DISPUTED ** Multiple SQL injection vulnerabilities in cgi-bin/reorder2.asp in SalesCart Shopping Cart allow remote attackers to execute arbitrary SQL commands via the password field and other unspecified vectors. NOTE: the vendor disputes this issue, stating "We were able to reproduce this sql injection on an old out-of-date demo on the website but not on the released product."  
Phase
Assigned (20070604)  
Votes
None (candidate not yet proposed)  
Comments
 

Actions

Related CVE References

Id CVE Id CVE No. Reference Actions
266913 26354 CVE-2007-2997 BUGTRAQ:20070529 RedLevel Advisory #23 - SalesCart Shopping Cart SQL Injection Vulnerability  View
266914 26354 CVE-2007-2997 URL:http://www.securityfocus.com/archive/1/archive/1/469900/100/0/threaded  View
266915 26354 CVE-2007-2997 BUGTRAQ:20070613 Re: RedLevel Advisory #23 - SalesCart Shopping Cart SQL Injection Vulnerability  View
266916 26354 CVE-2007-2997 URL:http://www.securityfocus.com/archive/1/archive/1/471409/100/0/threaded  View
266917 26354 CVE-2007-2997 BUGTRAQ:20070614 Re: RedLevel Advisory #23 - SalesCart Shopping Cart SQL Injection Vulnerability  View
266918 26354 CVE-2007-2997 URL:http://www.securityfocus.com/archive/1/archive/1/471415/100/0/threaded  View
266919 26354 CVE-2007-2997 BID:24226  View
266920 26354 CVE-2007-2997 URL:http://www.securityfocus.com/bid/24226  View
266921 26354 CVE-2007-2997 OSVDB:40145  View
266922 26354 CVE-2007-2997 URL:http://osvdb.org/40145  View
266923 26354 CVE-2007-2997 SREASON:2758  View
266924 26354 CVE-2007-2997 URL:http://securityreason.com/securityalert/2758  View
266925 26354 CVE-2007-2997 XF:salesacart-reorder2-sql-injection(34567)  View

Related JVN

Id JVN No. Title Summary CVE No. CVE Id CVSS_v2 CVSS_v3 JVN URL Actions
55250 JVNDB-2007-003942 Microsoft Windows Server 2003 におけるアカウント名を特定される脆弱性 Microsoft Windows Server 2003 は、ユーザーアカウントについて時間制限が有効になっている際、ログイン失敗時に無効なユーザ名と有効なユーザ名で異なるエラーメッセージを生成するため、有効な Active Directory のアカウント名を特定される脆弱性が存在します。 CVE-2007-2999 26354 1.8 http://jvndb.jvn.jp/ja/contents/2007/JVNDB-2007-003942.html  View