Intrusion Prevention

MetaLinks.MetaCart2.IntCatalogID.SQL.Injection

Description

It indicates a possible exploit of a sql injection vulnerability in MetaCart that may allow remote attackers to execute arbitrary SQL commands via a parameter intCatalogID, in productsByCategory.asp.

Affected Products

MetaLinks MetaCart2 for SQL Server UK Edition
MetaLinks MetaCart2 for PayPal
MetaLinks MetaCart2 for PayFlow Link

Impact

Compromise of affected system

Recommended Actions

Currently we are not aware of any vendor-supplied patches for this issue.

CVE References

CVE-2005-1362