PT-2002-2640 · Vp Asp · Vp-Asp

Published 2002-12-31 · Updated 2009-04-11 · CVE-2002-1919

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

VP-ASP version 4.0

Description

The issue allows remote attackers to execute arbitrary SQL commands and bypass authentication. This can be achieved via the username or password fields in the shopadmin.asp file.

Recommendations

For VP-ASP version 4.0, update the shopadmin.asp file to properly sanitize input in the username and password fields to prevent SQL injection attacks. As a temporary workaround, consider restricting access to the shopadmin.asp file until a patch is available.

Fix


Related Identifiers

CVE-2002-1919

Affected Products

Vp-Asp