Summary
The host is running CS-Cart and is prone to an SQL injection vulnerability.
Impact
Successful exploitation will allow an attacker to perform an SQL injection attack and gain sensitive information.
Impact Level: Application
Solution
Upgrade to CS-Cart version 2.0.15 or later.
For updates, refer to http://www.cs-cart.com/
Insight
The flaw is caused by improper validation of user-supplied input via the 'product_id' parameter to index.php, which allows an attacker to manipulate SQL queries by injecting arbitrary SQL code.
Affected
CS-Cart version 2.0.0 Beta 3
References
Updated on 2017-03-28
Severity
Classification
- CVE: CVE-2009-4891
- CVSS Base Score: 7.5
- CVSS Base Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- Andy's PHP Knowledgebase 'step5.php' Remote PHP Code Execution Vulnerability
- AjaXplorer zoho plugin Directory Traversal Vulnerability
- AWCM CMS Multiple Remote File Include Vulnerabilities
- Alcatel-Lucent OmniPCX Enterprise Remote Command Execution Vulnerability
- Apache Axis2 Document Type Declaration Processing Security Vulnerability