Vulnerability Details CVE-2006-5991
Multiple SQL injection vulnerabilities in wwweb concepts CactuShop allow remote attackers to execute arbitrary SQL commands via the (1) prodtype parameter in prodtype.asp and the (2) product parameter in product.asp.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.007
EPSS Ranking 71.1%
CVSS Severity
CVSS v2 Score 7.5
References
- http://aria-security.net/advisory/WWWeb%20Cocepts.txt
- http://secunia.com/advisories/22895
- http://securityreason.com/securityalert/1887
- http://www.securityfocus.com/archive/1/451513/100/100/threaded
- http://www.securityfocus.com/bid/21076
- http://www.vupen.com/english/advisories/2006/4528
- https://exchange.xforce.ibmcloud.com/vulnerabilities/30261
- http://aria-security.net/advisory/WWWeb%20Cocepts.txt
- http://secunia.com/advisories/22895
- http://securityreason.com/securityalert/1887
- http://www.securityfocus.com/archive/1/451513/100/100/threaded
- http://www.securityfocus.com/bid/21076
- http://www.vupen.com/english/advisories/2006/4528
- https://exchange.xforce.ibmcloud.com/vulnerabilities/30261