SQL Injection and CSRF Vulnerability in Comersus 8 Shopping Cart

vendor:

Comersus 8 Shopping Cart

by:

Sid3^effects

7,5

CVSS

HIGH

SQL Injection and CSRF

N/A

CWE

Product Name: Comersus 8 Shopping Cart

Affected Version From: Comersus 8

Affected Version To: Comersus 8

Patch Exists: No

Related CWE: N/A

CPE: a:comersus:comersus_8

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Web Application

2010

SQL Injection and CSRF Vulnerability in Comersus 8 Shopping Cart

The Comersus 8 Shopping Cart is vulnerable to SQL Injection and CSRF. By using the combo ' or 1=1 or ''=' the attacker can login. The attacker can modify the options which are available.

Mitigation:

The application should be tested for SQL Injection and CSRF vulnerabilities.

Source

SQL Injection and CSRF Vulnerability in Comersus 8 Shopping Cart

Mitigation:

Exploit-DB raw data: