| VID |
21956 |
| Severity |
30 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
CGI |
| Detailed Description |
The CubeCart software is vulnerable to multiple vulnerabilities which exist in versions prior to 3.0.12. Brooky CubeCart is an ecommerce script that is written in PHP and MySQL. CubeCart versions prior to 3.0.12 are vulnerable to an SQL Injection and a cross-site scripting as follows:
1) SQL Injection vulnerability: A remote attacker could exploit this vulnerability by sending specially-crafted SQL query via 'oid' parameter of the 'confirmed.php' script.
2) cross-site scripting: A remote attacker could exploit this vulnerability by sending specially-crafted URL via 'file' parameter of the 'preview.php' script or 'email' parameter of the 'login.php' script.
* References:
http://www.frsirt.com/english/advisories/2006/3314
http://secunia.com/advisories/21538
http://www.securityfocus.com/archive/1/archive/1/443476/100/0/threaded
http://retrogod.altervista.org/cubecart_3011_adv.html
http://www.cubecart.com/site/home/
http://www.cubecart.com/site/forums/index.php?showtopic=21247
http://archives.neohapsis.com/archives/bugtraq/2006-08/0342.html
http://www.milw0rm.com/exploits/2198
* Platforms Affected:
Brooky CubeCart versions prior to 3.0.12
Linux Any version
Unix Any version |
| Recommendation |
Upgrade to the latest version of CubeCart (3.0.12 or later), available from the CubeCart Web site at http://www.cubecart.com/site/home/ |
| Related URL |
CVE-2006-4267,CVE-2006-4268 (CVE) |
| Related URL |
19563 (SecurityFocus) |
| Related URL |
28428,28429 (ISS) |
|
