PT-2006-6622 · Infinicart · Infinicart

Benjamin Moss +1 · Published 2006-11-17 · Updated 2024-08-07 · CVE-2006-5957

CVSS v2.0: 7.5 High

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

INFINICART (affected versions not specified)

Description

The issue concerns SQL injection vulnerabilities that could allow remote attackers to execute arbitrary SQL commands. This is possible via several parameters in different ASP files, including the groupid parameter in "browse_group.asp", the productid parameter in "added_to_cart.asp", and the catid and subid parameters in "browsesubcat.asp". The vendor has disputed the report, stating that the vulnerabilities were only present in an unofficial demo version, not in official released products. However, they have updated the demo version to fix these issues.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

SQL injection

Weakness Enumeration

Related Identifiers

CVE-2006-5957

Affected Products

Infinicart