PT-2005-2395 · Phpcart · Phpcart

Lostmon

Published

2005-05-02

Updated

2018-10-19

CVE-2005-1398

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions: PHPCart versions 3.2 through 4.6.4

Description: The issue allows remote attackers to modify product price information. This can be achieved by changing the price or postage parameters.

Recommendations: For versions 3.2 through 4.6.4, restrict access to the price and postage modification functionality to prevent unauthorized changes. As a temporary workaround, consider disabling the price and postage modification feature until a patch is available. Avoid using the price and postage parameters in affected API endpoints until the issue is resolved.

Exploit

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

CVE-2005-1398

Affected Products

Phpcart

PT-2005-2395 · Phpcart · Phpcart

CVE-2005-1398

Weakness Enumeration

Related Identifiers

Affected Products

References · 9