PT-2005-3513 · Ecw · Ecw-Shop

David S. Ferreira

Published

2005-08-19

Updated

2016-10-18

CVE-2005-2623

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions ECW-Shop version 6.0.2

Description The issue allows remote attackers to manipulate the total cost of their shopping cart. By specifying a negative quantity for an item, the price of the item is subtracted from the total cost, potentially reducing the total cost of the cart.

Recommendations For ECW-Shop version 6.0.2, consider implementing validation to prevent negative quantities from being specified in the shopping cart, or restrict the ability to modify quantities in a way that could lead to a negative total cost.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2005-2623

Affected Products

Ecw-Shop

PT-2005-3513 · Ecw · Ecw-Shop

CVE-2005-2623

Related Identifiers

Affected Products

References · 4