CVE-2006-6209

Name of the Vulnerable Software and Affected Versions MidiCart ASP Shopping Cart (affected versions not specified) MidiCart ASP Plus Shopping Cart (affected versions not specified)

Description The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via the id2006quant parameter to the "item show.asp" endpoint, or the maingroup or secondgroup parameter to the "item list.asp" endpoint.

Recommendations For MidiCart ASP Shopping Cart, restrict access to the item show.asp and item list.asp endpoints until a fix is available. For MidiCart ASP Plus Shopping Cart, avoid using the id2006quant, maingroup, and secondgroup parameters in the affected API endpoints until the issue is resolved. As a temporary workaround, consider disabling the SQL execution functionality in the vulnerable endpoints until a patch is available.