CVE-2005-1291

Name of the Vulnerable Software and Affected Versions: CartWIZ ASP Cart (affected versions not specified)

Description: The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved through various API endpoints and parameters, including the idProduct parameter to "addToCart.asp" or "productDetails.asp", the priceFrom, idCategory, or priceTo parameters to "searchResults.asp", or the idParentCategory parameter to "productCatalogSubCats.asp".

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.