VPASP.Ecommerce.SQL.Injection
Description
It indicates a possible exploit of SQL injection Vulnerability in shopadmin.asp of VP-ASP 4.0 that may allow attacker to execute arbitrary SQL commands to manipulate database and bypass authentication via the (1) username or (2) password fields. Virtual Programming VP-ASP is a shopping cart application for e-commerce enabled sites.
Affected Products
Virtual Programming VP-ASP 4.0.
Impact
Gain Access.
Recommended Actions
The vendor has suggested the administration page be moved to an unpredictable location.
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |