| VID |
21970 |
| Severity |
40 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
CGI |
| Detailed Description |
The CubeCart software is vulnerable to multiple vulnerabilities which exist in versions prior to 3.0.13. Brooky CubeCart is an ecommerce script that is written in PHP and MySQL. CubeCart versions prior to 3.0.13 could allow a remote attacker to include malicious PHP files, caused by improper validation of user-supplied input passed to the 'gateway' parameter of the 'includes/content/gateway.inc.php' script. A remote attacker can send a specially-crafted URL request to execute arbitrary PHP code and operating system commands on the affected host. In addition, if PHP's 'register_globals' setting is enabled, the application is vulnerable to SQL injection and cross-site scripting attacks, caused by improper validation of user-supplied input passed to the 'searchArray' and 'links' array variables.
* References:
http://www.cubecart.com/site/forums/index.php?showtopic=21540
http://www.cubecart.com/site/forums/index.php?s=5e34938dc670782af211587b8a450c90&act=Attach&type=post&id=697
http://www.gulftech.org/?node=research&article_id=00111-08282006&
http://secunia.com/advisories/21659/
* Platforms Affected:
Brooky CubeCart versions prior to 3.0.13
Linux Any version
Unix Any version |
| Recommendation |
Upgrade to the latest version of CubeCart (3.0.13 or later), available from the CubeCart Web site at http://www.cubecart.com/site/home/ |
| Related URL |
CVE-2006-4525,CVE-2006-4526,CVE-2006-4527 (CVE) |
| Related URL |
19782 (SecurityFocus) |
| Related URL |
28827,28828,28829 (ISS) |
|
