CVE-2005-1361

Name of the Vulnerable Software and Affected Versions: MetaCart e-Shop version 8.0

Description: The issue concerns SQL injection vulnerabilities that allow remote attackers to execute arbitrary SQL commands. This can be achieved via the intProdID parameter in "product.asp" or the strCatalog NAME parameter in "productsByCategory.asp".

Recommendations: For MetaCart e-Shop version 8.0, consider restricting access to the product.asp and productsByCategory.asp pages until a patch is available. As a temporary workaround, avoid using the intProdID and strCatalog NAME parameters in the affected API endpoints until the issue is resolved.