Summary
The host is running CS-Cart and is prone to an SQL injection vulnerability.
Impact
Successful exploitation will allow an attacker to perform an SQL injection attack and gain sensitive information.
Impact Level: Application
Solution
Upgrade to CS-Cart version 2.0.15 or later.
For updates, refer to http://www.cs-cart.com/
Insight
The flaw is caused by improper validation of user-supplied input via the 'product_id' parameter to index.php, which allows an attacker to manipulate SQL queries by injecting arbitrary SQL code.
Affected
CS-Cart version 2.0.0 Beta 3
References
Updated on 2017-03-28
Severity
Classification
- CVE: CVE-2009-4891
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- AlienVault OSSIM Multiple Remote Code Execution Vulnerabilities
- 4Images <= 1.7.1 Directory Traversal Vulnerability
- 'research_display.php' SQL Injection Vulnerability
- ActivDesk Multiple Cross Site Scripting and SQL Injection Vulnerabilities
- Andy's PHP Knowledgebase 's' Parameter SQL Injection Vulnerability