Cart Engine Multiple Security Vulnerabilities
BID:69841
Info
| Bugtraq ID: | 69841 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Sep 16 2014 12:00AM |
| Updated: | Sep 30 2014 12:01AM |
| Credit: | Pietro Minniti |
| Vulnerable: | |
| Not Vulnerable: | |
Discussion
Cart Engine is prone to the following input-validation vulnerabilities:
1. An SQL-injection vulnerability
2. Multiple cross-site scripting vulnerabilities
3. Multiple open-redirection vulnerabilities
Attackers can exploit these issues to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database, execute arbitrary script or HTML code, steal cookie-based authentication credentials, and redirect a user to a potentially malicious site; this may aid in phishing attacks.
Cart Engine 3.0 is vulnerable; other versions may also be affected.
Exploit / POC
An attacker can exploit the SQL-injection and open-redirect vulnerabilities using a browser.
An attacker can exploit a cross-site scripting vulnerability by enticing an unsuspecting victim into following a malicious URI.
Solution / Fix
Solution:
Updates are available. Please see the references or vendor advisory for more information.
References
References: