PT-2010-5319 · Pentasoft · Pentasoft Avactis Shopping Cart

Published

2010-11-01

Updated

2017-08-17

CVE-2010-4147

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Pentasoft Avactis Shopping Cart versions 1.9.1 build 8356 and earlier

Description The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved by sending a malicious User-Agent header to specific API endpoints, such as "index.php" and "product-list.php".

Recommendations For versions 1.9.1 build 8356 and earlier, update to a version that contains a fix for this issue.

Fix

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89

Related Identifiers

CVE-2010-4147

Affected Products

Pentasoft Avactis Shopping Cart

PT-2010-5319 · Pentasoft · Pentasoft Avactis Shopping Cart

CVE-2010-4147

Weakness Enumeration

Related Identifiers

Affected Products

References · 8