HomePentest-Tools.com Logo

CubeCart Multiple Cross-Site Scripting and SQL Injection Vulnerabilities CVE-2010-4903

Severity
Not available
CVSSv3 Score
Not available
Vulnerability description

CubeCart is prone to SQL injection and multiple cross-site scripting vulnerabilities.

Risk description

The flaws are due to - Input passed to the amount, cartId, email, transId, and transStatus parameters in modules/gateway/WorldPay/return.php is not properly sanitised before being returned to the user. - Input passed via the searchStr parameter to index.php (when _a is set to viewCat) is not properly sanitised before being used in a SQL query. Successful exploitation will let attackers to execute arbitrary HTML and script code in a users browser session in context of an affected site and manipulate SQL queries by injecting arbitrary SQL code.

Recommendation

Upgrade to CubeCart version 4.4.2 or later.

Codename
Not available
Detectable with
Network Scanner
Scan engine
OpenVAS
Exploitable with Sniper
No
CVE Published
Oct 8, 2011
Detection added at
Software Type
Not available
Vendor
Not available
Product
Not available