 |
Inicial ▼ Bookkeeping
Online ▼ Auditorias ▼
DNS
Administrado ▼
Acerca de DNS
Ordenar/Renovar
Preguntas Frecuentes
AUP
Dynamic DNS Clients
Configurar Dominios Dynamic DNS Update Password Monitoreo
de Redes ▼
Enterprise
Avanzado
Estándarr
Prueba
Preguntas Frecuentes
Resumen de Precio/Funciones
Ordenar
Muestras
Configure/Status Alert Profiles | ||
| ID de Prueba: | 1.3.6.1.4.1.25623.1.0.804857 |
| Categoría: | Web application abuses |
| Título: | Cart Engine Multiple Vulnerabilities |
| Resumen: | Cart Engine is prone to multiple vulnerabilities. |
| Descripción: | Summary: Cart Engine is prone to multiple vulnerabilities. Vulnerability Insight: Multiple errors exist due to: - Insufficient validation of the input parameters 'item_id[0]' and 'item_id[]' passed to cart.php page. - Insufficient sanitization of multiple pages output which includes the user submitted content. - Insufficient validation of the user-supplied input in index.php, cart.php, msg.php and page.php scripts. Vulnerability Impact: Successful exploitation will allow remote attackers to inject or manipulate SQL queries in the back-end database, conduct open-redirect attacks and execute arbitrary HTML and script code in a user's browser session in the context of an affected site. Affected Software/OS: Cart Engine version 3.0. Other versions may also be affected. Solution: Upgrade to Cart Engine 4.0 or later. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P |
| Copyright | Copyright (C) 2014 Greenbone AG |
| Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora. |