| VID |
21628 |
| Severity |
30 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
CGI |
| Detailed Description |
The ProductCart software is vulnerable to multiple input validation vulnerabilities (2). ProductCart is an ecommerce shopping cart program written in ASP for Microsoft Windows operating systems. ProductCart version 2.7 and earlier versions are vulnerable to multiple input validation vulnerabilities, which can be exploited by remote attackers to conduct cross-site scripting and SQL injection attacks.
1) Multiple SQL Injection Vulnerabilities: Input passed to "idCategory" and "resultCnt" parameters of the "advSearch_h.asp" script isn't properly sanitized before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
2) A Cross-Site Scripting Vulnerability: Input passed to the "redirectUrl" parameter of the "NewCust.asp" script, the "country" parameter of the "storelocator_submit.asp" script, the "error" parameter of the "techErr.asp" script, and the "keyword" parameter of the "advSearch_h.asp" script isn't properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of a vulnerable site.
* References:
http://digitalparadox.org/advisories/prodcart.txt
http://secunia.com/advisories/14833/
http://www.osvdb.org/displayvuln.php?osvdb_id=15263
http://www.osvdb.org/displayvuln.php?osvdb_id=15264
http://www.osvdb.org/displayvuln.php?osvdb_id=15266
http://www.osvdb.org/displayvuln.php?osvdb_id=15267
http://www.osvdb.org/displayvuln.php?osvdb_id=15268
* Platforms Affected:
EarlyImpact, ProductCart version 2.7 and earlier versions
Microsoft Windows Any version |
| Recommendation |
Upgrade to the latest version of ProductCart (2.75 or later), available from the EarlyImpact Web site at http://www.earlyimpact.com/index.asp |
| Related URL |
CVE-2005-0994,CVE-2005-0995 (CVE) |
| Related URL |
12990 (SecurityFocus) |
| Related URL |
19966,21012 (ISS) |
|
