PT-2010-1499 · Unknown · Php Shopping Cart Selling Website Script

Published

2010-03-10

Updated

2010-03-11

CVE-2009-4689

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions PHP Shopping Cart Selling Website Script (affected versions not specified)

Description The issue allows remote attackers to execute arbitrary SQL commands via the cid parameter in the "index.php" file. This can be exploited by sending malicious input to the vulnerable parameter.

Recommendations For PHP Shopping Cart Selling Website Script, avoid using the cid parameter in the "index.php" file until the issue is resolved. As a temporary workaround, consider validating and sanitizing all user input to the cid parameter to prevent SQL injection attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89

Related Identifiers

CVE-2009-4689

Affected Products

Php Shopping Cart Selling Website Script

PT-2010-1499 · Unknown · Php Shopping Cart Selling Website Script

CVE-2009-4689

Weakness Enumeration

Related Identifiers

Affected Products

References · 5