PT-2005-2362 · Metacart · Metacart E-Shop

Diabolic Crab

Published

2005-04-28

Updated

2017-07-11

CVE-2005-1361

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions: MetaCart e-Shop version 8.0

Description: The issue concerns SQL injection vulnerabilities that allow remote attackers to execute arbitrary SQL commands. This can be achieved via the intProdID parameter in "product.asp" or the strCatalog NAME parameter in "productsByCategory.asp".

Recommendations: For MetaCart e-Shop version 8.0, consider restricting access to the product.asp and productsByCategory.asp pages until a patch is available. As a temporary workaround, avoid using the intProdID and strCatalog NAME parameters in the affected API endpoints until the issue is resolved.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2005-1361

Affected Products

Metacart E-Shop

PT-2005-2362 · Metacart · Metacart E-Shop

CVE-2005-1361

Related Identifiers

Affected Products

References · 5