vendor:
CubeCart
by:
SecurityFocus
7.5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: CubeCart
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2005
CubeCart Multiple SQL Injection Vulnerabilities
CubeCart is reported prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. These issues affect the 'index.php', 'tellafriend.php', 'view_cart.php', and 'view_product.php' script. These vulnerabilities could permit remote attackers to pass malicious input to database queries, resulting in modification of query logic or other attacks. Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
Mitigation:
Input validation should be used to ensure that user-supplied input is properly sanitized before being used in SQL queries.
