Unrated severityNVD Advisory· Published Apr 23, 2005· Updated Apr 16, 2026

CVE-2005-1291

Description

Multiple SQL injection vulnerabilities in CartWIZ ASP Cart allow remote attackers to execute arbitrary SQL commands via the idProduct parameter to (1) addToCart.asp or (2) productDetails.asp, the (3) priceFrom, (4) idCategory, or (5) priceTo parameter to searchResults.asp, or (6) the idParentCategory parameter to productCatalogSubCats.asp.

Affected products

Cartwiz/Asp Cart
cpe:2.3:a:cartwiz:asp_cart:*:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

securitytracker.com/idnvdExploit
marc.infonvd
secunia.com/advisories/15055nvd
www.osvdb.org/15771nvd
www.osvdb.org/15772nvd
www.osvdb.org/15773nvd
www.osvdb.org/15774nvd
exchange.xforce.ibmcloud.com/vulnerabilities/20246nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000