MetaCart E-Shop V-8 StrCatalog_NAME Parameter Remote SQL Injection Vulnerability

No exploit is required to leverage this issue. The following proof of concept has been provided:

http://www.example.com/eshopv-8/productsByCategory.asp?intCatalogID=&page=2&strCatalog_NAME='SQL_INJECTION
http://www.example.com/mcart2pal/productsByCategory.asp?intCatalogID=&page=2&strCatalog_NAME='SQL_INJECTION
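
For defenders reviewing web logs for this issue, the following added example (not part of the original advisory or of MetaCart's code) flags requests to productsByCategory.asp whose strCatalog_NAME value decodes to SQL metacharacters. The log layout, the keyword list and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

TARGET_PAGE = "productsbycategory.asp"   # page named in the advisory's PoC URLs
TARGET_PARAM = "strcatalog_name"         # parameter named in the advisory title
# Assumed log layout: Apache-style common log format request line.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Constructed heuristic: tokens a catalog name should not normally contain.
SUSPICIOUS = re.compile(r"'|--|;|/\*|\b(?:union|select|insert|update|delete|drop|exec)\b", re.I)

def decode_fully(value, rounds=3):
    """Percent-decode several times so a double-encoded quote (%2527) is still seen."""
    value = value.replace("+", " ")
    for _ in range(rounds):
        value = unquote(value)
    return value

def catalog_name_values(query):
    """Return the decoded strCatalog_NAME values found in a raw query string."""
    # Separators can be logged as '&', '&amp;' or '&amp%3b' when a URL was copied from HTML.
    query = re.sub(r"&amp(?:;|%3b)", "&", query, flags=re.I)
    values = []
    for pair in query.split("&"):
        name, _, raw = pair.partition("=")
        if decode_fully(name).strip().lower() == TARGET_PARAM:
            values.append(decode_fully(raw))
    return values

def scan(lines):
    """Return (line_number, decoded_value) for each request worth reviewing."""
    hits = []
    for number, line in enumerate(lines, start=1):
        match = REQUEST.search(line)
        path, _, query = (match.group(1) if match else "").partition("?")
        if not path.lower().endswith("/" + TARGET_PAGE):
            continue
        hits += [(number, v) for v in catalog_name_values(query) if SUSPICIOUS.search(v)]
    return hits

# Constructed sample log lines (documentation IP range, made-up values).
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2010:10:00:00 +0000] "GET /eshopv-8/productsByCategory.asp?intCatalogID=3&page=2&strCatalog_NAME=Garden+Tools HTTP/1.1" 200 5120',
    '203.0.113.9 - - [01/Jan/2010:10:00:05 +0000] "GET /eshopv-8/productsByCategory.asp?intCatalogID=&page=2&strCatalog_NAME=%27TEST HTTP/1.1" 500 312',
    '203.0.113.9 - - [01/Jan/2010:10:00:09 +0000] "GET /mcart2pal/productsByCategory.asp?intCatalogID=&amp%3bpage=2&amp%3bstrCatalog_NAME=%2527TEST HTTP/1.1" 500 312',
    '203.0.113.9 - - [01/Jan/2010:10:00:12 +0000] "GET /eshopv-8/default.asp?note=%27TEST HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    print(scan(SAMPLE_LOG))
```

A catalog name that legitimately contains an apostrophe will also be flagged, so treat hits as leads to review alongside the response status, not as confirmed injection attempts.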


 

Copyright 2010, SecurityFocus