Family: CGI abuses --> Category: attack
CubeCart SQL injection Vulnerability Scan
Vulnerability Scan Summary: SQL Injection in CubeCart
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote web server contains a PHP script that is susceptible to a SQL
injection attack.
Description :
The remote version of CubeCart has a SQL injection flaw in 'index.php'.
By sending a malformed value to the 'cat_id' argument of that file, an
attacker may be able to execute arbitrary SQL statements on the remote
host and potentially overwrite arbitrary files on the remote system.
See also :
http://seclists.org/lists/bugtraq/2004/Oct/0051.html
http://www.cubecart.com/site/forums/index.php?showtopic=4065
Solution :
Upgrade to CubeCart 2.0.2 or later.
Threat Level:
Medium / CVSS Base Score : 5
(AV:R/AC:L/Au:NR/C:P/A:N/I:P/B:N)