CVE-2006-6031

Name of the Vulnerable Software and Affected Versions ASPCart (affected versions not specified)

Description The issue concerns multiple SQL injection vulnerabilities that allow remote attackers to execute arbitrary SQL commands. This can be achieved through various parameters in different ASP files, including prodid in prodetails.asp, page in display.asp, and multiple parameters in addcart.asp such as custid, item, price, custom, department, start, quantity, submit, custom1, custom2, custom3, and customerid in payment.asp.

Recommendations For ASPCart, to mitigate this issue, consider temporarily restricting access to the vulnerable API endpoints, such as "prodetails.asp", "display.asp", "addcart.asp", and "payment.asp", until a patch is available. Avoid using the parameters prodid, page, custid, item, price, custom, department, start, quantity, submit, custom1, custom2, custom3, and customerid in the affected ASP files until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.