SQL Injection Vulnerability in CactuShop 5.x: Remote Code Execution via strItems Parameter

SQL Injection Vulnerability in CactuShop 5.x: Remote Code Execution via strItems Parameter

CVE-2004-1881 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

SQL injection vulnerability in (1) mailorder.asp or (2) payonline.asp in CactuShop 5.x allows remote attackers to execute arbitrary SQL commands via the strItems parameter.

Learn more about our Web Application Penetration Testing UK.