PT-2007-4294 · Salescart · Salescart Shopping Cart

Published: 2007-06-04 · Updated: 2024-08-07 · CVE-2007-2997

CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions: SalesCart Shopping Cart (affected versions not specified)
Description: The issue concerns SQL injection vulnerabilities in the cgi-bin/reorder2.asp file of SalesCart Shopping Cart, allowing remote attackers to execute arbitrary SQL commands via the password field and other unspecified vectors. The vendor disputes this issue, stating it was reproducible on an old, out-of-date demo but not on the released product.
Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

SQL injection

Weakness Enumeration

Related Identifiers: CVE-2007-2997

Affected Products: Salescart Shopping Cart