PHPCart Input Validation Vulnerability
BID:13406
Info
| Bugtraq ID: | 13406 |
| Class: | Input Validation Error |
| CVE: | CVE-2005-1398 |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 27 2005 12:00AM |
| Updated: | Jul 12 2009 02:06PM |
| Credit: | Discovery of this issue is credited to Lostmon. |
| Vulnerable: | PHPCart PHPCart 0 |
| Not Vulnerable: | |
Discussion
PHPCart is prone to a remote input validation vulnerability. The issue exists because the software fails to sufficiently sanitize URI parameter data that is employed when computing product charges.
A remote attacker may exploit this issue to manipulate invoice and payment charges for a specific PHPCart order.
Exploit / POC
The following example is available:
http://www.example.com/phpcart.php?action=add&id=1002&descr=Mobile%20Phone&price=0&postage=&quantity=100
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
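The issue comes from computing charges out of the `price`, `postage` and `descr` values carried in the request. The handler below is an added illustration of the server-side fix, not PHPCart's own code and not a vendor patch; the catalog contents, the function name `build_cart_line` and the quantity limit are assumptions.

```php
<?php
// Added example: hypothetical hardened add-to-cart handler (not PHPCart code).
// Authoritative catalog (constructed sample data); amounts are integer cents.
const CATALOG = [
    '1002' => ['descr' => 'Mobile Phone', 'price_cents' => 19900, 'postage_cents' => 500],
];
const MAX_QUANTITY = 100; // assumed per-line limit

/**
 * Build a cart line from request parameters. Only id and quantity are read
 * from the client; descr, price and postage always come from the catalog.
 * Throws InvalidArgumentException when validation fails.
 */
function build_cart_line(array $query): array
{
    $id = $query['id'] ?? '';
    // Reject array-valued or unknown ids before any lookup.
    if (!is_string($id) || !array_key_exists($id, CATALOG)) {
        throw new InvalidArgumentException('unknown product id');
    }
    // Quantity must be a whole number inside the allowed range.
    $qty = filter_var($query['quantity'] ?? null, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1, 'max_range' => MAX_QUANTITY]]);
    if ($qty === false) {
        throw new InvalidArgumentException('quantity out of range');
    }
    $item = CATALOG[$id];
    // Record whether the request carried pricing fields, for logging or alerting.
    $pricingKeys = array_flip(['price', 'postage', 'descr']);
    return [
        'id' => $id,
        'descr' => $item['descr'],
        'quantity' => $qty,
        'unit_price_cents' => $item['price_cents'],
        'postage_cents' => $item['postage_cents'],
        'line_total_cents' => $qty * $item['price_cents'] + $item['postage_cents'],
        'client_sent_pricing' => (bool) array_intersect_key($query, $pricingKeys),
    ];
}

// Query string taken from the advisory's example URL.
parse_str('action=add&id=1002&descr=Mobile%20Phone&price=0&postage=&quantity=100', $query);
$line = build_cart_line($query);
printf("%d x %s = %d cents (client pricing fields present: %s)\n",
    $line['quantity'], $line['descr'], $line['line_total_cents'],
    $line['client_sent_pricing'] ? 'yes' : 'no');
```

With this design the `price=0` in the request has no effect on the invoice, and the `client_sent_pricing` flag gives operations a signal to log.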