SQL injection vulnerability in the Getwebsess function in shopsessionsubs.asp in Rocksalt International VP-ASP Shopping Cart 6.50 and earlier allows remote attackers to execute arbitrary SQL commands via the websess parameter.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-89,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vpasp | vp-asp_shopping_cart | * |
| vpasp | vp-asp_shopping_cart | 5.50 |
| vpasp | vp-asp_shopping_cart | 6.00 |
Directory traversal vulnerability in shopsessionsubs.asp in Rocksalt International VP-ASP Shopping Cart 6.50 and earlier might allow remote attackers to determine the existence of arbitrary files via directory traversal sequences in the client's DNS hostname (aka the REMOTE_HOST variable), related to the CookielessGenerateFilename and CookielessReadFile functions.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-22,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vpasp | vp-asp_shopping_cart | * |
| vpasp | vp-asp_shopping_cart | 5.50 |
| vpasp | vp-asp_shopping_cart | 6.00 |
Cross-site scripting (XSS) vulnerability in shopsessionsubs.asp in Rocksalt International VP-ASP Shopping Cart 6.50 and earlier might allow remote attackers to inject arbitrary web script or HTML via the client's DNS hostname (aka the REMOTE_HOST variable), related to the CookielessGenerateFilename and CookielessReadFile functions.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vpasp | vp-asp_shopping_cart | * |
| vpasp | vp-asp_shopping_cart | 5.50 |
| vpasp | vp-asp_shopping_cart | 6.00 |