Description
SQL injection vulnerability in advSearch_h.asp in EarlyImpact ProductCart allows remote attackers to execute arbitrary SQL commands via the priceUntil parameter.
Product(s):
- Early Impact ProductCart 1.5002
- Early Impact ProductCart 1.5003
- Early Impact ProductCart 1.5003r
- Early Impact ProductCart 1.5004
- Early Impact ProductCart 1.5
- Early Impact ProductCart 1.6002
- Early Impact ProductCart 1.6003
- Early Impact ProductCart 1.6b001
- Early Impact ProductCart 1.6b002
- Early Impact ProductCart 1.6b003
- Early Impact ProductCart 1.6b
- Early Impact ProductCart 1.6br001
- Early Impact ProductCart 1.6br003
- Early Impact ProductCart 1.6br
- Early Impact ProductCart 2.0
- Early Impact ProductCart 2.0br000
- Early Impact ProductCart 2.5
Questions to Ask Vendors:
- Can you confirm whether your systems are affected by CVE-2004-2173, and if so, what steps are you currently taking to mitigate this vulnerability?
- What is your estimated timeline for fully resolving CVE-2004-2173 in your products or services, and how will you communicate updates on this issue to us as your customer?
Recommended Actions:
- Check out the advisory links provided below.