PT-2002-2640 · Vp Asp · Vp-Asp

Published: 2002-12-31 · Updated: 2009-04-11 · CVE-2002-1919

CVSS v2.0: 7.5 (High) · Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

VP-ASP version 4.0

Description

The issue allows remote attackers to execute arbitrary SQL commands and bypass authentication via the username or password fields in the shopadmin.asp file.

Recommendations

For VP-ASP version 4.0, update the shopadmin.asp file to properly sanitize input in the username and password fields to prevent SQL injection attacks. As a temporary workaround, consider restricting access to the shopadmin.asp file until a patch is available.

Fix

Related identifiers

CVE-2002-1919

Affected products

Vp-Asp