vendor:
Lizard Cart
by:
cr4wl3r
7.5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: Lizard Cart
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: GNU/LINUX
2009
Lizard Cart Multiple SQL Injection Exploit
Lizard Cart is vulnerable to multiple SQL Injection attacks. The vulnerability exists due to insufficient sanitization of user-supplied input in the 'id' parameter of the 'detail.php' and 'pages.php' scripts. An attacker can exploit this vulnerability to execute arbitrary SQL commands in the application's database, allowing for the manipulation or disclosure of arbitrary data.
Mitigation:
Input validation should be used to ensure that untrusted data is not used to dynamically construct SQL queries. Additionally, parameterized queries should be used to prevent SQL injection attacks.