Cart Engine Multiple Vulnerabilities

Summary
This host is running Cart Engine and is prone to multiple vulnerabilities.
Impact
Successful exploitation will allow remote attackers to inject or manipulate SQL queries in the back-end database, conduct open-redirect attacks and execute arbitrary HTML and script code in a user's browser session in the context of an affected site.
Impact Level: Application
Solution
No solution or patch is available as of 9th February, 2015. Information regarding this issue will be updated once the solution details are available. For updates refer to http://www.c97.net/
Insight
Multiple errors exist due to:
- Insufficient validation of the input parameters 'item_id[0]' and 'item_id[]' passed to the cart.php page.
- Insufficient sanitization of the output of multiple pages, which includes user-submitted content.
- Insufficient validation of user-supplied input in the index.php, cart.php, msg.php and page.php scripts.
Affected
Cart Engine version 3.0. Other versions may also be affected.
Detection
Send crafted data via an HTTP GET request and check whether it is able to read the cookie or not.