VID 21548
Severity 30
Port 80, ...
Protocol TCP
Class CGI
Detailed Description The CubeCart software is vulnerable to multiple SQL injection vulnerabilities. Brooky CubeCart is an ecommerce script written in PHP and backed by a MySQL database. CubeCart versions 2.0.6 and earlier fail to properly filter user-supplied input before it is used in database queries. The affected inputs are the 'PHPSESSID' parameter of the 'index.php' script, the 'product' parameter of the 'tellafriend.php' script, the 'add' parameter of the 'view_cart.php' script, and the 'product' parameter of the 'view_product.php' script. A remote attacker can supply crafted values for these parameters to inject SQL into the application's queries, which could alter the query logic, expose or modify data in the store database, or serve as a foothold for further attacks against the database server itself.
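
The advisory describes the bug class but not the code. The following is an added illustration, not CubeCart's own source, of the query-building pattern behind "improper filtering of user-supplied input" for a numeric parameter such as 'product', beside a hardened form that validates the value and binds it as a typed parameter, plus the string case that 'PHPSESSID' represents. The table and column names (cc_products, cc_sessions, productId, sessionId, cartData) and the function names are assumptions made for the example.

```php
<?php
// Added example (not CubeCart's code). Table and column names are assumed.
// Requires the mysqli extension with mysqlnd (for get_result / fetch_all).

// --- Vulnerable pattern: the request parameter is pasted into the SQL text.
// With ?product=1 OR 1=1 the WHERE clause becomes "productId = 1 OR 1=1" and
// every row is returned; a value beginning "1 UNION SELECT ..." can read
// other tables. Nothing stops the value from rewriting the query.
function getProductUnsafe(mysqli $db, array $request): array
{
    $sql = "SELECT productId, name, price FROM cc_products "
         . "WHERE productId = " . $request['product'];
    $result = $db->query($sql);
    return $result ? $result->fetch_all(MYSQLI_ASSOC) : [];
}

// --- Hardened: validate the shape of the value, then bind it as an integer.
// The id never becomes part of the SQL text, so it cannot alter query logic.
function getProductSafe(mysqli $db, array $request): array
{
    $id = filter_var(
        $request['product'] ?? null,
        FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]
    );
    if ($id === false) {
        return []; // reject non-numeric or out-of-range ids instead of "repairing" them
    }
    $stmt = $db->prepare(
        "SELECT productId, name, price FROM cc_products WHERE productId = ?"
    );
    $stmt->bind_param('i', $id);
    $stmt->execute();
    return $stmt->get_result()->fetch_all(MYSQLI_ASSOC);
}

// --- String parameters (a session id such as PHPSESSID) cannot be fixed by an
// integer cast. Restrict the value to the characters and length PHP's own
// session handler can emit, then bind it as a string parameter.
function loadSessionSafe(mysqli $db, string $sessionId): ?array
{
    if (!preg_match('/^[A-Za-z0-9,-]{22,256}$/', $sessionId)) {
        return null; // anything else is not a session id this application issued
    }
    $stmt = $db->prepare(
        "SELECT sessionId, cartData FROM cc_sessions WHERE sessionId = ?"
    );
    $stmt->bind_param('s', $sessionId);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();
    return $row ?: null;
}
```

For a numeric id an `(int)` cast at the point of use is the minimal fix, but the prepared-statement form above is the one that also covers string inputs such as the session identifier, which is why it is preferred when reviewing a codebase for this class of finding.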

* Platforms Affected:
Brooky CubeCart versions 2.0.6 and earlier
Linux Any version
Unix Any version
Recommendation Upgrade to the latest version of CubeCart (2.0.7 or later), available from the CubeCart Web site at http://www.cubecart.com/site/home/
Related URL CVE-2005-1033 (CVE)
Related URL 13050 (SecurityFocus)