MetaCart2 CurCatalogID Parameter Remote SQL Injection Vulnerability

No exploit is required to leverage this issue.

The following proofs of concept are available:

http://www.example.com/mcart2pfp/productsByCategory.asp?strSubCatalogID=1&curCatalogID='SQL_INJECTION&strSubCatalog_NAME=Laptops
http://www.example.com/mcart2pal/productsByCategory.asp?strSubCatalogID=1&curCatalogID=%27SQL_INJECTION&strSubCatalog_NAME=Laptops
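
For log review, the following added example (not part of the original advisory) flags requests to productsByCategory.asp whose curCatalogID value is not a plain integer. It assumes catalog IDs are numeric and assumes a space-separated log layout of date, time, client IP, method, URI stem, URI query, status; the sample log lines are constructed.

```python
import re
from urllib.parse import unquote

# Assumption: catalog IDs are plain integers (the advisory does not state the type).
NUMERIC_ID = re.compile(r"\d+")
TARGET_PAGE = "/productsbycategory.asp"
PARAM = "curcatalogid"

# Constructed sample lines. Assumed field order:
# date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
SAMPLE_LOG = [
    "2010-01-01 10:00:01 192.0.2.10 GET /mcart2pfp/productsByCategory.asp "
    "strSubCatalogID=1&curCatalogID=4&strSubCatalog_NAME=Laptops 200",
    "2010-01-01 10:00:05 192.0.2.77 GET /mcart2pfp/productsByCategory.asp "
    "strSubCatalogID=1&curCatalogID=%27x&strSubCatalog_NAME=Laptops 500",
    "2010-01-01 10:00:09 192.0.2.77 GET /mcart2pal/productsByCategory.asp "
    "strSubCatalogID=1&amp%3bcurCatalogID='x&amp%3bstrSubCatalog_NAME=Laptops 500",
    "2010-01-01 10:00:12 192.0.2.10 GET /mcart2pfp/default.asp - 200",
]

def query_params(query):
    """Split a raw query string into (lowercased name, decoded value) pairs.

    HTML-escaped separators ('&amp;' or '&amp%3b'), which show up when URLs
    are copied from rendered pages, are treated as a plain '&'.
    """
    query = re.sub(r"&amp(?:;|%3b)", "&", query, flags=re.I)
    pairs = []
    for part in query.split("&"):
        if part:
            name, _, value = part.partition("=")
            pairs.append((unquote(name).lower(), unquote(value.replace("+", " "))))
    return pairs

def suspicious_requests(log_lines):
    """Return (line_number, decoded_value) for each non-numeric curCatalogID."""
    hits = []
    for number, line in enumerate(log_lines, 1):
        fields = line.split()
        if line.startswith("#") or len(fields) < 7:
            continue  # directive line or unexpected layout
        stem, query = fields[4], fields[5]
        if not stem.lower().endswith(TARGET_PAGE):
            continue
        for name, value in query_params(query):
            if name == PARAM and not NUMERIC_ID.fullmatch(value):
                hits.append((number, value))
    return hits

if __name__ == "__main__":
    for number, value in suspicious_requests(SAMPLE_LOG):
        print(f"line {number}: curCatalogID={value!r}")
```
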


 

Copyright 2010, SecurityFocus