Multiple SQL injection vulnerabilities in wwweb concepts CactuShop allow remote attackers to execute arbitrary SQL commands via the (1) prodtype parameter in prodtype.asp and the (2) product parameter in product.asp.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.014
EPSS Ranking 69.8%