PT-2003-2213 · A · Ashopkart
Published: 2003-12-31 · Updated: 2008-09-05 · CVE-2003-1268
CVSS v2.0: 7.5 (High)
| Vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
a.shopKart version 2.0.3
Description
The issue allows remote attackers to execute arbitrary SQL and obtain sensitive information. This is achieved through SQL injection vulnerabilities in the addcustomer.asp, addprod.asp, and process.asp files. The zip, state, country, phone, and fax parameters are vulnerable to this type of attack.
Recommendations
For a.shopKart version 2.0.3, consider restricting access to the vulnerable parameters zip, state, country, phone, and fax in the affected files until a patch is available. As a temporary workaround, avoid using these parameters in the addcustomer.asp, addprod.asp, and process.asp files to minimize the risk of exploitation.
Fix
Related identifiers
Affected products
Ashopkart