CVE-2005-1362

Name of the Vulnerable Software and Affected Versions: MetaCart version 2.0

Description: The issue allows remote attackers to execute arbitrary SQL commands. This is possible via several parameters in different scripts, including the intProdID parameter to "product.asp", the intCatalogID or strSubCatalogID parameters to "productsByCategory.asp", and multiple parameters to "searchAction.asp", such as chkText, strText, chkPrice, intPrice, chkCat, or strCat.

Recommendations: For MetaCart version 2.0, consider restricting access to the vulnerable scripts until a patch is available. As a temporary workaround, avoid using the specified parameters in the affected scripts.