Virtual Programming VP-ASP Shopping Cart CatalogID SQL Injection Vulnerability

Solution:
The vendor has suggested the following solution for this issue:

This fix is included in VP-ASP 5.0 after July 10, 2003 and does not need to be applied to 5.0.

Edit the files 'shopreviewlist.asp' and 'shopreviewadd.asp'.

Replace the following code:

    If catalogid="" then
        shoperror LangNoCatalogId
    end if

With:

    If not isnumeric(catalogid) then
        shoperror LangNoCatalogId
    end if
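
VBScript's IsNumeric also returns True for strings such as "1e3" and "&HFF", so the same guard can be tightened to digits only and paired with a bound query parameter. The following is an added example, not VP-ASP's or the vendor's code. The names dbc (an already open ADODB.Connection), the reviews table and its catalogid column are assumptions made for illustration.

```vbscript
' Added example (not VP-ASP code). Assumed, hypothetical names:
'   dbc      - an already open ADODB.Connection
'   reviews  - table holding product reviews, with an integer catalogid column
' shoperror and LangNoCatalogId are the identifiers used in the vendor fix.
Const adCmdText = 1
Const adInteger = 3
Const adParamInput = 1

' True only for 1 to 9 ASCII digits. Rejects everything IsNumeric would let
' through that is not a plain integer (exponents, hex prefixes, signs,
' separators) and keeps the value small enough that CLng cannot overflow.
Function IsCatalogId(value)
    Dim i, code
    IsCatalogId = False
    If Len(value) < 1 Or Len(value) > 9 Then Exit Function
    For i = 1 To Len(value)
        code = AscW(Mid(value, i, 1))
        If code < 48 Or code > 57 Then Exit Function   ' outside "0".."9"
    Next
    IsCatalogId = True
End Function

Dim catalogid, cmd, rs
catalogid = Trim(Request("catalogid") & "")

If Not IsCatalogId(catalogid) Then
    shoperror LangNoCatalogId
Else
    ' The value is sent as a typed integer parameter and is never
    ' concatenated into the SQL text.
    Set cmd = Server.CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = dbc
    cmd.CommandType = adCmdText
    cmd.CommandText = "SELECT * FROM reviews WHERE catalogid = ?"
    cmd.Parameters.Append cmd.CreateParameter("catalogid", adInteger, _
        adParamInput, , CLng(catalogid))
    Set rs = cmd.Execute
End If
```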



 

Copyright 2010, SecurityFocus