CVE-2006-4297

SQL injection vulnerability in shopping_cart.php in osCommerce before 2.2 Milestone 2 060817 allows remote attackers to execute arbitrary SQL commands via id array parameters.

🔗 References (14)

• cve@mitrehttp://forums.oscommerce.com/index.php?showtopic=223556&pid=918371
• cve@mitrehttp://securitytracker.com/id?1016719
• cve@mitrehttp://www.gulftech.org/?node=research&article_id=00110-08172006
• cve@mitrehttp://www.securityfocus.com/archive/1/444780/100/0/threaded
• cve@mitrehttp://www.securityfocus.com/bid/19644
• cve@mitrehttp://www.securityfocus.com/bid/19774
• cve@mitrehttps://exchange.xforce.ibmcloud.com/vulnerabilities/28434
• af854a3a-2127-422b-91ae-364da2661108http://forums.oscommerce.com/index.php?showtopic=223556&pid=918371
• af854a3a-2127-422b-91ae-364da2661108http://securitytracker.com/id?1016719
• af854a3a-2127-422b-91ae-364da2661108http://www.gulftech.org/?node=research&article_id=00110-08172006
• af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/444780/100/0/threaded
• af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/19644
• af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/19774
• af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/28434