Info

Disclosure

Jun 15, 2005

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

ProductCart contains a flaw that may allow an attacker to inject arbitrary SQL queries. The issue is due to the lid variable in the editCategories.asp script not being properly sanitized and may allow an attacker to inject or manipulate SQL queries.

Classification

Location: Remote/Network Access Required
Attack Type: Information Disclosure, Input Manipulation
Impact: Loss of Confidentiality, Loss of Integrity
Exploit: Exploit Unknown
Disclosure: OSVDB Verified
OSVDB: Web Related

Solution

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Products

Early Impact

ProductCart

2.7

References

Security Tracker: 1014129
Bugtraq ID: 13881
Secunia Advisory ID: 14833
Related OSVDB ID: 17329 17331 17332 17333
CVE ID: 2005-1967 (see also: NVD)
Other Advisory URL: http://echo.or.id/adv/adv16-theday-2005.txt
Vendor URL: http://www.earlyimpact.com/

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/36218