| VID |
21275 |
| Severity |
40 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
CGI |
| Detailed Description |
osCommerce has a SQL injection vulnerability in the create_account_process.php script. osCommerce is an online shop e-commerce solution under ongoing development by the open source community. osCommerce version 2.2ms1 and earlier are vulnerable to a SQL injection attack. The vulnerability arises from insufficient handling of user-supplied input passed to the "create_account_process.php" script, which is used to verify account details during the new user registration process. By sending a "country" variable containing SQL queries to this script, a remote attacker can manipulate the SQL query the script performs against the underlying database and potentially extract information such as password hashes from the database or, possibly, gain access to the underlying host (through, for example, stored procedures or vulnerabilities in the database server).
* References: http://www.securityfocus.com/archive/1/347591 http://forums.oscommerce.com/index.php?showtopic=70525&st=0entry275449
* Platforms Affected: osCommerce version 2.2ms1 and earlier |
| Recommendation |
Upgrade to the latest version (2.2ms2 or later) of osCommerce, available from the osCommerce download page at http://www.oscommerce.com/downloads |
| Related URL |
(CVE) |
| Related URL |
9211 (SecurityFocus) |
| Related URL |
(ISS) |
|