vendor:
FishCart
by:
SecurityFocus
7.5
CVSS
HIGH
Cross-Site Scripting and SQL-Injection
89, 89, 89
CWE
Product Name: FishCart
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2005
FishCart Multiple Cross-Site Scripting and SQL-Injection Vulnerabilities
FishCart is prone to multiple cross-site scripting and SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input. A successful exploit of the SQL-injection issues could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation. An attacker may leverage the cross-site scripting issues to execute arbitrary script code in the browser of an unsuspecting user. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
Mitigation:
Input validation should be used to ensure that untrusted data is not used to dynamically construct SQL queries. Additionally, input validation should be used to ensure that untrusted data is not used to dynamically construct HTML output.
