Vulnerability Database

289,697

Total vulnerabilities in the database

CVE-2005-2206

Multiple SQL injection vulnerabilities in CartWIZ allow remote attackers to modify SQL statements via the (1) idProduct parameter to tellAFriend.asp, (2) sortType parameter to viewSupportTickets.asp, or the id parameter to (3) updateCreditCards.asp or (4) deleteCreditCards.asp.

  • Published: Jul 11, 2005
  • Updated: Apr 13, 2023
  • CVE: CVE-2005-2206
  • Severity: High
  • Exploit:

CVSS v2:

  • Severity: High
  • Score: 7.5
  • AV:N/AC:L/Au:N/C:P/I:P/A:P

No CWE or OWASP classifications available.

Software From Fixed in
elemental_software / cartwiz - -