Vulnerability details :
 
CS-Cart index.php Multiple Variable SQL Injection 
 
     Fiche

Fiche créée le 2005-12-02 06:41:16, dernière mise à jour le 2008-03-02 23:54:29

CS-Cart contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'index.php' script not properly sanitizing user-supplied input to the 'sort_by' and 'sort_order' variables. This may allow an attacker to inject or manipulate SQL queries in the backend database.


/index.php?target=products&mode=search&subcats=Y&type=extended&avail=Y&pshor=Y&pfull=Y&pname=Y&cid=0&q=&x=11&y=3&sort_by=[SQL] /index.php?target=products&mode=search&subcats=Y&type=extended&avail=Y&pshor=Y&pfull=Y&pname=Y&cid=0&q=%27&x=11&y=3&sort_by=product&sort_order=[SQL]
 
CS-Cart    1.2  Affected
CS-Cart    1.1  Affected
 
Attack Type :  Input Manipulation
 XSS, SQL injection, file retrieval, directory traversal, overflows, URL encoding.
 Découvert le 2005-11-25 07:00:00
 
Attack Type :  Information Disclosure
 comments, passwords, fingerprinting, system information.
 
Exploit :  Exploit Rumored / Private
 The exploit has been mentioned but not confirmed. Proof of Concept (PoC) has been published to prove the vulnerability but does not exploit it.
 Exploit découvert le 1970-01-01 07:00:00
 
Impact :  Loss of Integrity
 Assurance that data is unaltered by unauthorized persons. Examples: XSS, arbitrary command execution, most overflows, most format strings, SQL injection, unauthorized file modification/deletion/creation, remote file inclusion, etc.
 
Impact :  Loss of Confidentiality
 Assurance that data is protected and not disclosed to an unauthorized party. Examples: password disclosures, server information, environment variables, confirmation of file existence, path disclosure, file content access, some SQL injection.
 
Location :  Remote/Network Access Required
 If network access if required and exploit can be done remotely.
 
OSVDB :  Web Related
 The vulnerability is a web issue and will have an associated security check.
 
 
External refs :
OSVDB  21370
  
  
  
  
  
 
 
 
 

 
 


Free consultation (search)
 
  Fill one or some of the fields below :
   
Vendor
 
Title
 
Vulnerability ref.
 
 
   
 
   
Individual alerts
 
You determine with one profile dynamic and assisted, all your material and software equipment.
We shall inform you then automatically, as soon as a notification of security will concern one or several elements of it profile.
Every notification is definite, consists of numerous information to determine risk and to protect itself from it.
 
Login:
Pass:
 
Free online subscription
© Power4Security.com - BMS Ltd UK 2007-2008 - powered by Power4Website.com
Partenaires : Anti-spam - Hébergement France - MySQL Php Suisse - Hosting Canada - Web Php Maroc - WebmasterMalin
Guide de l'affiliation - Guide du paiement électronique et de l'e-currency - Annuaire du Web - Solution e-commerce - Externalisation et outsourcing
e-Marketing et e-Mailing - Comparaison de services - Comparateur Marchands - Bons plans par email - Tests de personnalité et de QI
SMS API - Forums et Petites Annonces Gratuites - Rencontres - Sonneries - Offres du Web - Arrêter de fumer - Guide des mobiles et PDA