CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2010-4632

Multiple SQL injection vulnerabilities in ASPilot Pilot Cart 7.3 allow remote attackers to execute arbitrary SQL commands via the (1) article parameter to kb.asp, (2) specific parameter to cart.asp, (3) countrycode parameter to contact.asp, and the (4) srch parameter to search.asp. NOTE: the article parameter to pilot.asp is already covered by CVE-2008-2688.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.017

EPSS Ranking 81.7%

CVSS Severity

CVSS v2 Score 7.5

References

http://advisories.ariko-security.com/november/audyt_bezpieczenstwa_745.html
http://marc.info/?l=full-disclosure&m=128913521908405&w=2
http://packetstormsecurity.org/1011-exploits/aspilotpilotcart-sqlxssinject.txt
http://secunia.com/advisories/30176
http://www.exploit-db.com/exploits/15448
http://www.securityfocus.com/bid/44698
http://advisories.ariko-security.com/november/audyt_bezpieczenstwa_745.html
http://marc.info/?l=full-disclosure&m=128913521908405&w=2
http://packetstormsecurity.org/1011-exploits/aspilotpilotcart-sqlxssinject.txt
http://secunia.com/advisories/30176
http://www.exploit-db.com/exploits/15448
http://www.securityfocus.com/bid/44698

Products affected by CVE-2010-4632

Pilotcart » Pilot Cart » Version: 7.3

cpe:2.3:a:pilotcart:pilot_cart:7.3

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2010-4632

Products

Pricing

Contact Us