CVE-2008-2918

Description

SQL injection vulnerability in details.php in Application Dynamics Cartweaver 3.0 allows remote attackers to execute arbitrary SQL commands via the prodId parameter, possibly a related issue to CVE-2006-2046.3.

Affected products

• application_dynamics / cartweaver3.0 – 3.0

References

• VENDOR_ADVISORYhttp://secunia.com/advisories/30677
• EXPLOIThttps://www.exploit-db.com/exploits/5815
• MISChttp://www.securityfocus.com/bid/29727
• MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/43099