VID: 21766
Severity: 40
Port: 80, ...
Protocol: TCP
Class: CGI
Detailed Description:
Comersus BackOffice, the administrative component of the Comersus shopping cart, is affected by an authentication bypass vulnerability. Comersus Cart is a freely available shopping cart program for Microsoft Windows and Linux operating systems; Comersus BackOffice Lite is its basic administrative utility. Both Comersus BackOffice Lite and BackOffice Plus are affected. The flaw is caused by improper filtering of user-supplied input to the 'adminName' and 'adminpassword' parameters of the comersus_backoffice_menu script. A remote attacker who does not know the administrator password could exploit it to reach the shopping cart administration menu and perform actions as the administrator.
* References: http://www.morx.org/comersus.txt
* Platforms Affected:
  - Comersus Open Technologies, Comersus BackOffice Lite, any version
  - Comersus Open Technologies, Comersus BackOffice Plus, any version
  - Any operating system, any version
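An added example, not part of this advisory and not Comersus code: a small Python check that scans web server access-log lines for requests to the comersus_backoffice_menu script that carry the adminName or adminpassword parameters named above, to help determine whether a server has been probed. It assumes Combined Log Format lines and that the parameters arrive in a GET query string; POST bodies are not recorded in standard access logs, so such requests are deliberately not flagged. The directory paths and the .asp extension in the constructed sample lines are assumptions, not details taken from the advisory.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Combined Log Format: ip ident user [timestamp] "METHOD target HTTP/x" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# Script name as given in the advisory; matched case-insensitively and without
# assuming an extension so that .asp or other variants are all caught.
TARGET_SCRIPT = "comersus_backoffice_menu"
SUSPECT_PARAMS = {"adminname", "adminpassword"}


def flag_request(line):
    """Return a finding dict if the line is a request to the BackOffice menu
    script whose query string carries adminName or adminpassword, else None.
    Only GET query strings are visible here; POST bodies are not logged."""
    m = LOG_RE.match(line)
    if not m:
        return None
    parts = urlsplit(m.group("target"))
    if TARGET_SCRIPT not in parts.path.lower():
        return None
    # Parameter names compared case-insensitively (IIS/ASP treat them that way).
    names = {k.lower() for k in parse_qs(parts.query, keep_blank_values=True)}
    hit = names & SUSPECT_PARAMS
    if not hit:
        return None
    return {
        "ip": m.group("ip"),
        "time": m.group("ts"),
        "path": parts.path,
        "params": sorted(hit),
        "status": int(m.group("status")),
    }


def scan(lines):
    """Run flag_request over an iterable of log lines and collect the findings."""
    return [f for f in (flag_request(line) for line in lines) if f]


# Constructed sample log lines (not real traffic); paths are assumed.
SAMPLE_LOG = [
    '203.0.113.7 - - [03/Nov/2005:10:12:01 +0000] "GET /comersus/backofficeLite/'
    'comersus_backoffice_menu.asp?adminName=admin&adminpassword=x HTTP/1.1" 200 5120',
    '198.51.100.9 - - [03/Nov/2005:10:12:05 +0000] "GET /comersus/store/'
    'comersus_index.asp HTTP/1.1" 200 8812',
    # A POST to the same script is not flagged: its body is not in the log.
    '203.0.113.7 - - [03/Nov/2005:10:12:09 +0000] "POST /comersus/backofficeLite/'
    'comersus_backoffice_menu.asp HTTP/1.1" 200 5120',
    '192.0.2.4 - - [03/Nov/2005:10:13:00 +0000] "GET /comersus/backofficeLite/'
    'comersus_backoffice_menu.asp?ADMINNAME=foo HTTP/1.1" 302 0',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

Run against real logs by feeding the file's lines to scan(); a hit with a 200 response where the same client had no preceding login request to the BackOffice is the case worth investigating.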
Recommendation:
No upgrade or patch was available as of November 2005.
Upgrade to the latest version of Comersus Shopping Cart when a fixed release becomes available from the Comersus Open Technologies download site at http://www.comersus.com/comersus-downloads/. Until then, limiting who can reach the BackOffice administrative scripts (for example, by restricting access to the BackOffice directory at the web server or firewall level) reduces exposure.
Related URLs:
* CVE: (none listed)
* SecurityFocus: 15251
* ISS: (none listed)