Vpasp: >> Vp-Asp Shopping Cart >> 6.00 Security Vulnerabilities
SQL injection vulnerability in the Getwebsess function in shopsessionsubs.asp in Rocksalt International VP-ASP Shopping Cart 6.50 and earlier allows remote attackers to execute arbitrary SQL commands via the websess parameter.
CVSS Score
7.5
EPSS Score
0.004
Published
2010-04-28
Directory traversal vulnerability in shopsessionsubs.asp in Rocksalt International VP-ASP Shopping Cart 6.50 and earlier might allow remote attackers to determine the existence of arbitrary files via directory traversal sequences in the client's DNS hostname (aka the REMOTE_HOST variable), related to the CookielessGenerateFilename and CookielessReadFile functions.
CVSS Score
5.0
EPSS Score
0.002
Published
2010-04-28
Cross-site scripting (XSS) vulnerability in shopsessionsubs.asp in Rocksalt International VP-ASP Shopping Cart 6.50 and earlier might allow remote attackers to inject arbitrary web script or HTML via the client's DNS hostname (aka the REMOTE_HOST variable), related to the CookielessGenerateFilename and CookielessReadFile functions.
CVSS Score
4.3
EPSS Score
0.002
Published
2010-04-28