cpe:/a:vpasp:vp-asp_shopping_cart:5.50 cpe:/a:vpasp:vp-asp_shopping_cart:6.00 cpe:/a:vpasp:vp-asp_shopping_cart:6.50 CVE-2010-1588 2010-04-28T19:30:00.370-04:00 2017-08-16T21:32:24.960-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2010-04-29T08:40:00.000-04:00 FULLDISC 20100120 Insufficient User Input Validation in VP-ASP 6.50 Demo Code SECUNIA 38283 OSVDB 61890 XF shoppingcart-websess-sql-injection(55821) SQL injection vulnerability in the Getwebsess function in shopsessionsubs.asp in Rocksalt International VP-ASP Shopping Cart 6.50 and earlier allows remote attackers to execute arbitrary SQL commands via the websess parameter.