PT-2003-1691 · Early Impact · Productcart

Bosen

Published

2003-07-10

Updated

2016-10-18

CVE-2003-0522

CVSS v2.0

High

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: ProductCart versions 1.5 through 2

Description: The issue allows remote attackers to gain unauthorized access and privileges. This can be achieved through SQL injection vulnerabilities, specifically by manipulating the idadmin parameter to login.asp or the Email parameter to Custva.asp.

Recommendations: For ProductCart versions 1.5 through 2, consider restricting access to the login.asp and Custva.asp pages until a fix is available. As a temporary workaround, avoid using the idadmin and Email parameters in the affected API endpoints.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2003-0522

Affected Products

Productcart

PT-2003-1691 · Early Impact · Productcart

CVE-2003-0522

Related Identifiers

Affected Products

References · 4