Summary
FishCart, in use since January 1998, is a proven Open Source e-commerce system for products, services, online payment and online donation management. Written in PHP4, FishCart has been tested on Windows NT, Linux, and various Unix platforms.
FishCart presently supports the MySQL, PostgreSQL, Solid, Oracle and MSSQL.
FishCart contains multiple SQL injection vulnerabilities in the program that can be exploited to modify/delete/insert entries into the database.
In addition, the program suffers from cross site scripting vulnerabilities.
Severity
Classification
-
CVE CVE-2005-1486, CVE-2005-1487 -
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- Adiscon LogAnalyzer Multiple SQL Injection and XSS Vulnerabilities
- 4psa Voipnow Local File Inclusion Vulnerability
- ASP-Dev XM Event Diary Multiple Vulnerabilities
- Apache Tomcat/JBoss EJBInvokerServlet / JMXInvokerServlet (RMI over HTTP) Marshalled Object Remote Code Execution
- b2ePMS Multiple SQL Injection Vulnerabilities