cbcvebase.

Virtual Programming Vp-Asp vulnerabilities

10 known vulnerabilities affecting virtual_programming/vp-asp.

Total CVEs
10
CISA KEV
0
Public exploits
7
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH5MEDIUM4

Vulnerabilities

Page 1 of 1
CVE-2003-0560P3CRITICALCVSS 10.0PoCv5.02003-08-18
CVE-2003-0560 [CRITICAL] CVE-2003-0560: SQL injection vulnerability in shopexd.asp for VP-ASP allows remote attackers to gain administrator SQL injection vulnerability in shopexd.asp for VP-ASP allows remote attackers to gain administrator privileges via the id parameter.
nvd
CVE-2007-0224P3HIGHCVSS 7.5PoCv6.092007-01-13
CVE-2007-0224 [HIGH] CVE-2007-0224: SQL injection vulnerability in shopgiftregsearch.asp in VP-ASP Shopping Cart 6.09 and earlier allows SQL injection vulnerability in shopgiftregsearch.asp in VP-ASP Shopping Cart 6.09 and earlier allows remote attackers to execute arbitrary SQL commands via the LoginLastname parameter.
nvd
CVE-2006-2263P3HIGHCVSS 7.5PoCv6.002006-05-09
CVE-2006-2263 [HIGH] CVE-2006-2263: SQL injection vulnerability in shopcurrency.asp in VP-ASP 6.00 allows remote attackers to execute ar SQL injection vulnerability in shopcurrency.asp in VP-ASP 6.00 allows remote attackers to execute arbitrary SQL commands via the cid parameter.
nvd
CVE-2004-2413P3HIGHCVSS 7.5PoCv4.0v4.50+1 more2004-12-31
CVE-2004-2413 [HIGH] CVE-2004-2413: SQL injection vulnerability in VP-ASP Shopping Cart 4.0 through 5.0 allows remote attackers to execu SQL injection vulnerability in VP-ASP Shopping Cart 4.0 through 5.0 allows remote attackers to execute arbitrary SQL commands via the (1) Processed0 and (2) Processed1 parameters in a POST request to shopproductselect.asp.
nvd
CVE-2007-0225P4MEDIUMCVSS 6.8PoCv6.092007-01-13
CVE-2007-0225 [MEDIUM] CVE-2007-0225: Cross-site scripting (XSS) vulnerability in shopcustadmin.asp in VP-ASP Shopping Cart 6.09 and earli Cross-site scripting (XSS) vulnerability in shopcustadmin.asp in VP-ASP Shopping Cart 6.09 and earlier allows remote attackers to inject arbitrary web script or HTML via the msg parameter.
nvd
CVE-2005-3685P4MEDIUMCVSS 4.3PoCv5.502005-11-19
CVE-2005-3685 [MEDIUM] CVE-2005-3685: Cross-site scripting (XSS) vulnerability in shopadmin.asp in VP-ASP Shopping Cart 5.50 allows remote Cross-site scripting (XSS) vulnerability in shopadmin.asp in VP-ASP Shopping Cart 5.50 allows remote attackers to inject arbitrary web script or HTML via the UserName parameter.
nvd
CVE-2004-2411P4MEDIUMCVSS 4.3PoCv4.0v4.50+1 more2004-12-31
CVE-2004-2411 [MEDIUM] CVE-2004-2411: The CleanseMessage function in shop$db.asp for VP-ASP Shopping Cart 4.0 through 5.0 does not suffici The CleanseMessage function in shop$db.asp for VP-ASP Shopping Cart 4.0 through 5.0 does not sufficiently cleanse inputs, which allows remote attackers to conduct cross-site scripting (XSS) attacks that do not use tags, as demonstrated via javascript in IMG tags to (1) the cat parameter in shopdisplayproducts.asp or (2) the msg parameter in shoperror.asp, and
nvd
CVE-2002-1919P3HIGHCVSS 7.5v4.02002-12-31
CVE-2002-1919 [HIGH] CVE-2002-1919: SQL injection vulnerability in shopadmin.asp in VP-ASP 4.0 allows remote attackers to execute arbitr SQL injection vulnerability in shopadmin.asp in VP-ASP 4.0 allows remote attackers to execute arbitrary SQL commands and bypass authentication via the (1) username or (2) password fields.
nvd
CVE-2004-2412P4HIGHCVSS 7.5v4.0v4.50+1 more2004-12-31
CVE-2004-2412 [HIGH] CVE-2004-2412: Multiple SQL injection vulnerabilities in VP-ASP Shopping Cart 4.0 through 5.0 allow remote attacker Multiple SQL injection vulnerabilities in VP-ASP Shopping Cart 4.0 through 5.0 allow remote attackers to execute arbitrary SQL commands via the catalogid parameter in (1) shopreviewlist.asp and (2) shopreviewadd.asp.
nvd
CVE-2004-2164P4MEDIUMCVSS 5.0v5.02004-12-31
CVE-2004-2164 [MEDIUM] CVE-2004-2164: shoprestoreorder.asp in VP-ASP 5.0 does not close the database connection when a user restores a pre shoprestoreorder.asp in VP-ASP 5.0 does not close the database connection when a user restores a previous order, which allows remote attackers to cause a denial of service (connection consumption).
nvd
Virtual Programming Vp-Asp vulnerabilities | cvebase