cpe:/a:salescart:shopping_cart CVE-2007-2997 2007-06-04T13:30:00.000-04:00 2017-07-28T21:31:54.440-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2007-06-05T08:47:00.000-04:00 ALLOWS_OTHER_ACCESS BUGTRAQ 20070529 RedLevel Advisory #23 - SalesCart Shopping Cart SQL Injection Vulnerability BUGTRAQ 20070613 Re: RedLevel Advisory #23 - SalesCart Shopping Cart SQL Injection Vulnerability BUGTRAQ 20070614 Re: RedLevel Advisory #23 - SalesCart Shopping Cart SQL Injection Vulnerability BID 24226 SREASON 2758 OSVDB 40145 XF salesacart-reorder2-sql-injection(34567) ** DISPUTED ** Multiple SQL injection vulnerabilities in cgi-bin/reorder2.asp in SalesCart Shopping Cart allow remote attackers to execute arbitrary SQL commands via the password field and other unspecified vectors. NOTE: the vendor disputes this issue, stating "We were able to reproduce this sql injection on an old out-of-date demo on the website but not on the released product."