MidiCart PHP Multiple Input Validation and Authentication Bypass Vulnerabilities
BID:21500
Info
| Bugtraq ID: | 21500 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Dec 07 2006 12:00AM |
| Updated: | Dec 08 2006 07:54PM |
| Credit: | inversFX is credited with the discovery of these issues. |
| Vulnerable: | MidiCart Software MidiCart PHP Shopping Cart |
| Not Vulnerable: | |
Discussion
MidiCart PHP is prone to an input-validation vulnerability and an authentication-bypass vulnerability.
Attackers could exploit these issues to manipulate price totals calculated by the application or to upload arbitrary script code and have it execute in the context of the application. This may result in the compromise of the application; other attacks are possible.
NOTE: MidiCart ASP may also be affected.
Exploit / POC
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches for these issues. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
References:
- MidiCart Homepage (MidiCart Software)
- Midicart vulerable (inversFX)