CubeCart Cart.Inc.PHP SQL Injection Vulnerability
BID:24100
Info
| Bugtraq ID: | 24100 |
| Class: | Input Validation Error |
| CVE: | CVE-2007-2862 |
| Remote: | Yes |
| Local: | No |
| Published: | May 22 2007 12:00AM |
| Updated: | May 07 2015 05:38PM |
| Credit: | John Martinelli is credited with the discovery of this vulnerability. |
| Vulnerable: | CubeCart CubeCart 3.0.16 |
| Not Vulnerable: | CubeCart CubeCart 3.0.17 |
Discussion
CubeCart is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
CubeCart 3.0.16 is reported vulnerable; other versions may also be affected.
Exploit / POC
Attackers can use a browser to exploit this issue.
Solution / Fix
Solution:
The vendor has released CubeCart 3.0.17 to address this issue; please contact the vendor for information on obtaining and installing fixes.
References
References:
- CubeCart Homepage (CubeCart)
- RedLevel Advisory #021 - CubeCart v3.0.16 SQL Injection Vulnerability (John Martinelli)