Web application abuses : UAEPD Shopping Cart Script Multiple SQL Injection Vulnerabilities

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.903335

Categoría: Web application abuses

Título: UAEPD Shopping Cart Script Multiple SQL Injection Vulnerabilities

Resumen: UAEPD Shopping Cart is prone to multiple sql injection vulnerabilities.

Descripción: Summary:
UAEPD Shopping Cart is prone to multiple sql injection vulnerabilities.

Vulnerability Insight:
Flaws is due to the products.php script does not validate input to the 'cat_id'
and 'p_id' parameters and page.php and news.php scripts are not validating input
passed via 'id' parameter before using in sql query

Vulnerability Impact:
Successful exploitation will allow remote attackers to execute arbitrary SQL
statements on the vulnerable system, which may leads to access or modify data
in the underlying database.

Affected Software/OS:
UAEPD Shopping Script.

Solution:
No known solution was made available for at least one year
since the disclosure of this vulnerability. Likely none will be provided anymore. General solution
options are to upgrade to a newer release, disable respective features, remove the product or
replace the product by another one.

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2014-1618
BugTraq ID: 64734
http://www.securityfocus.com/bid/64734
http://packetstormsecurity.com/files/124723/uaepdshopping-sql.txt
http://www.iphobos.com/blog/2014/01/04/uaepd-script-multiple-sql-injection-vulnerabilty
http://osvdb.org/101859
http://osvdb.org/101899
http://osvdb.org/101900
http://secunia.com/advisories/56351
XForce ISS Database: uaepd-multiple-sql-injection(90214)
https://exchange.xforce.ibmcloud.com/vulnerabilities/90214

Copyright Copyright (C) 2014 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.903335
Categoría:	Web application abuses
Título:	UAEPD Shopping Cart Script Multiple SQL Injection Vulnerabilities
Resumen:	UAEPD Shopping Cart is prone to multiple sql injection vulnerabilities.
Descripción:	Summary: UAEPD Shopping Cart is prone to multiple sql injection vulnerabilities. Vulnerability Insight: Flaws is due to the products.php script does not validate input to the 'cat_id' and 'p_id' parameters and page.php and news.php scripts are not validating input passed via 'id' parameter before using in sql query Vulnerability Impact: Successful exploitation will allow remote attackers to execute arbitrary SQL statements on the vulnerable system, which may leads to access or modify data in the underlying database. Affected Software/OS: UAEPD Shopping Script. Solution: No known solution was made available for at least one year since the disclosure of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2014-1618 BugTraq ID: 64734 http://www.securityfocus.com/bid/64734 http://packetstormsecurity.com/files/124723/uaepdshopping-sql.txt http://www.iphobos.com/blog/2014/01/04/uaepd-script-multiple-sql-injection-vulnerabilty http://osvdb.org/101859 http://osvdb.org/101899 http://osvdb.org/101900 http://secunia.com/advisories/56351 XForce ISS Database: uaepd-multiple-sql-injection(90214) https://exchange.xforce.ibmcloud.com/vulnerabilities/90214
Copyright	Copyright (C) 2014 Greenbone AG