CVE-2010-4632

Multiple SQL injection vulnerabilities in ASPilot Pilot Cart 7.3 allow remote attackers to execute arbitrary SQL commands via the (1) article parameter to kb.asp, (2) specific parameter to cart.asp, (3) countrycode parameter to contact.asp, and the (4) srch parameter to search.asp.  NOTE: the article parameter to pilot.asp is already covered by CVE-2008-2688.
SQL Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 78%
VendorProductVersion
pilotcartpilot_cart
7.3
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://advisories.ariko-security.com/november/audyt_bezpieczenstwa_745.html
http://marc.info/?l=full-disclosure&m=128913521908405&w=2
http://packetstormsecurity.org/1011-exploits/aspilotpilotcart-sqlxssinject.txt
http://secunia.com/advisories/30176
http://www.exploit-db.com/exploits/15448
http://www.securityfocus.com/bid/44698
http://advisories.ariko-security.com/november/audyt_bezpieczenstwa_745.html
http://marc.info/?l=full-disclosure&m=128913521908405&w=2
http://packetstormsecurity.org/1011-exploits/aspilotpilotcart-sqlxssinject.txt
http://secunia.com/advisories/30176
http://www.exploit-db.com/exploits/15448
http://www.securityfocus.com/bid/44698