CVE-2005-3735

Name of the Vulnerable Software and Affected Versions e-Quick Cart (affected versions not specified)

Description The issue concerns multiple SQL injection vulnerabilities. These vulnerabilities allow remote attackers to execute arbitrary SQL commands. The vulnerable parameters are productid in "shopaddtocart.asp", strpemail in "shopprojectlogin.asp", and id in "shoptellafriend.asp".

Recommendations To resolve the issue, consider temporarily restricting access to the vulnerable API endpoints "shopaddtocart.asp", "shopprojectlogin.asp", and "shoptellafriend.asp" until a patch is available. Avoid using the parameters productid, strpemail, and id in the affected API endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.