Virtual Programming: Security Vulnerabilities
SQL injection vulnerability in shopgiftregsearch.asp in VP-ASP Shopping Cart 6.09 and earlier allows remote attackers to execute arbitrary SQL commands via the LoginLastname parameter.
CVSS Score
7.5
EPSS Score
0.003
Published
2007-01-13
Cross-site scripting (XSS) vulnerability in shopcustadmin.asp in VP-ASP Shopping Cart 6.09 and earlier allows remote attackers to inject arbitrary web script or HTML via the msg parameter.
CVSS Score
6.8
EPSS Score
0.025
Published
2007-01-13
SQL injection vulnerability in shopcurrency.asp in VP-ASP 6.00 allows remote attackers to execute arbitrary SQL commands via the cid parameter.
CVSS Score
7.5
EPSS Score
0.019
Published
2006-05-09
Cross-site scripting (XSS) vulnerability in shopadmin.asp in VP-ASP Shopping Cart 5.50 allows remote attackers to inject arbitrary web script or HTML via the UserName parameter.
CVSS Score
4.3
EPSS Score
0.007
Published
2005-11-19
shoprestoreorder.asp in VP-ASP 5.0 does not close the database connection when a user restores a previous order, which allows remote attackers to cause a denial of service (connection consumption).
CVSS Score
5.0
EPSS Score
0.013
Published
2004-12-31
The CleanseMessage function in shop$db.asp for VP-ASP Shopping Cart 4.0 through 5.0 does not sufficiently cleanse inputs, which allows remote attackers to conduct cross-site scripting (XSS) attacks that do not use <script> tags, as demonstrated via javascript in IMG tags to (1) the cat parameter in shopdisplayproducts.asp or (2) the msg parameter in shoperror.asp, and possibly other vectors.
CVSS Score
4.3
EPSS Score
0.013
Published
2004-12-31
Multiple SQL injection vulnerabilities in VP-ASP Shopping Cart 4.0 through 5.0 allow remote attackers to execute arbitrary SQL commands via the catalogid parameter in (1) shopreviewlist.asp and (2) shopreviewadd.asp.
CVSS Score
7.5
EPSS Score
0.005
Published
2004-12-31
SQL injection vulnerability in VP-ASP Shopping Cart 4.0 through 5.0 allows remote attackers to execute arbitrary SQL commands via the (1) Processed0 and (2) Processed1 parameters in a POST request to shopproductselect.asp.
CVSS Score
7.5
EPSS Score
0.008
Published
2004-12-31
SQL injection vulnerability in shopexd.asp for VP-ASP allows remote attackers to gain administrator privileges via the id parameter.
CVSS Score
10.0
EPSS Score
0.006
Published
2003-08-18
SQL injection vulnerability in shopadmin.asp in VP-ASP 4.0 allows remote attackers to execute arbitrary SQL commands and bypass authentication via the (1) username or (2) password fields.
CVSS Score
7.5
EPSS Score
0.045
Published
2002-12-31
Page 1