CVE-2007-5261

Multiple SQL injection vulnerabilities in MultiCart 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) catid parameter to categorydetail.php and the (2) ddlCategory parameter to search.php.

Published: Oct 6, 2007
Updated: Apr 13, 2023
CVE: CVE-2007-5261
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 6.4
AV:N/AC:L/Au:N/C:N/I:P/A:P

CWEs:

CWE-89

OWASP TOP 10:

A1 - Injection

Affected Software
References

Software	From	Fixed in
iscripts / multicart	1.0	1.0.x

http://www.securityfocus.com/bid/25895
https://exchange.xforce.ibmcloud.com/vulnerabilities/36927
https://www.exploit-db.com/exploits/4480

Vulnerability Database

CVE-2007-5261