Summary
This host is installed with TomatoCart and is prone to SQL injection and cross-site scripting vulnerabilities.
Impact
Successful exploitation will allow remote attackers to execute arbitrary HTML and script code in a user's browser session in the context of an affected site, and to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.
Impact Level: Application
Solution
No solution or patch is available as of 9th February, 2015. Information regarding this issue will be updated once the solution details are available. For updates, refer to http://www.tomatocart.com/
Insight
Multiple flaws exist because:
- Input passed to the info.php script via the 'faqs_id' GET parameter is not validated before being returned to users.
- The program does not properly sanitize user-supplied input to the 'First Name' and 'Last Name' fields when creating new contacts.
Affected
TomatoCart version 1.1.8.6.1
Detection
Send crafted data via an HTTP GET request and check whether it is able to read the cookie or not.
References
Updated on 2017-03-28
Severity
Classification
- CVE: CVE-2014-3830, CVE-2014-3978
- CVSS Base Score: 6.5
- CVSS Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P