CVE-2009-0462

Name of the Vulnerable Software and Affected Versions ClickCart version 6.0

Description The issue concerns SQL injection vulnerabilities in the customer login check.asp file. Remote attackers can execute arbitrary SQL commands by manipulating the txtEmail parameter (also known as the E-MAIL field) or the txtPassword parameter (also known as the password field) in the customer login.asp file.

Recommendations For ClickCart version 6.0, consider restricting access to the customer login check.asp file until a patch is available. As a temporary workaround, avoid using the txtEmail and txtPassword parameters in the customer login.asp file to minimize the risk of exploitation.