CVE-2006-6207 : SQL injection vulnerability in products.asp in Evolve shopping cart (aka Evolve Merchant) allows remote attackers to exe

SQL injection vulnerability in products.asp in Evolve shopping cart (aka Evolve Merchant) allows remote attackers to execute arbitrary SQL commands via the partno parameter. NOTE: the vendor disputes this issue, stating that it is a forced SQL error

Published 2006-12-01 01:28:00

Updated 2024-04-11 00:41:19

Source MITRE

View at NVD, CVE.org

Vulnerability category: Sql Injection

Exploit prediction scoring system (EPSS) score for CVE-2006-6207

Probability of exploitation activity in the next 30 days: 0.53%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 77 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2006-6207

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
7.5	HIGH	AV:N/AC:L/Au:N/C:P/I:P/A:P	10.0	6.4	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial

References for CVE-2006-6207

http://www.securityfocus.com/archive/1/453549/100/0/threaded

CVEs referencing this url
http://www.securityfocus.com/archive/1/452706/100/0/threaded
http://www.securityfocus.com/bid/21323

Exploit;Vendor Advisory
http://securityreason.com/securityalert/1933

Evolve shopping cart SQL Injection Vulnerability - CXSecurity.com
https://exchange.xforce.ibmcloud.com/vulnerabilities/30540

Evolve shopping cart products.asp SQL injection CVE-2006-6207 Vulnerability Report

Products affected by CVE-2006-6207

Lynx Internet Solutions » Evolve Merchant
cpe:2.3:a:lynx_internet_solutions:evolve_merchant:*:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2006-6207

Exploit prediction scoring system (EPSS) score for CVE-2006-6207

CVSS scores for CVE-2006-6207

References for CVE-2006-6207

Products affected by CVE-2006-6207