ID de Prueba:	1.3.6.1.4.1.25623.1.0.12062
Categoría:	CGI abuses
Título:	Ecommerce Corp. Online Store Kit More.php Injection Vulnerability
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is running Ecommerce Corportation Online Store Kit, a web based e-commerce CGI suite. A vulnerability has been discovered in the more.php file that allows unauthorized users to inject SQL commands or to perform cross-site scripting attackes. An attacker may use this flaw to gain the control of the remote database Solution : Upgrade to the latest version of this software. Risk factor : High
Referencia Cruzada:	BugTraq ID: 9676 Common Vulnerability Exposure (CVE) ID: CVE-2004-0301 http://www.securityfocus.com/bid/9676 http://www.systemsecure.org/advisories/ssadvisory16022004.php http://securitytracker.com/alerts/2004/Feb/1009079.html http://secunia.com/advisories/10902/ XForce ISS Database: onlinestorekit-more-xss(15235) https://exchange.xforce.ibmcloud.com/vulnerabilities/15235 Common Vulnerability Exposure (CVE) ID: CVE-2004-0300 BugTraq ID: 9687 http://www.securityfocus.com/bid/9687 Bugtraq: 20040218 ZH2004-07SA (security advisory): Multiple Sql injection (Google Search) http://marc.info/?l=bugtraq&m=107712117913185&w=2 http://www.zone-h.org/en/advisories/read/id=3972/ http://www.osvdb.org/3973 http://securitytracker.com/alerts/2004/Feb/1009092.html XForce ISS Database: onlinestorekit-more-sql-injection(15232) https://exchange.xforce.ibmcloud.com/vulnerabilities/15232
Copyright	This script is Copyright (C) 2004 Tenable Network Security

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.