Detections
Analytics

CactuShop 5.x Multiple Remote Vulnerabilities (XSS, SQLi)

high Nessus Plugin ID 15461

Language:

Synopsis

The remote web server contains an ASP application that is affected by multiple vulnerabilities.

Description

The remote host runs CactuShop, an e-commerce web application written in ASP.

The remote version of this software is vulnerable to cross-site scripting due to a lack of sanitization of user-supplied-data in the script 'popuplargeimage.asp'.

Successful exploitation of this issue may allow an attacker to execute malicious script code on a vulnerable server.

This version may also be vulnerable to SQL injection attacks in the scripts 'mailorder.asp' and 'payonline.asp'. The user-supplied input parameter 'strItems' is not filtered before being used in a SQL query. Thus, the query modification through malformed input is possible.

Successful exploitation of this vulnerability can enable an attacker to execute commands in the system (via MS SQL the function xp_cmdshell).

Solution

Upgrade to CactuShop 5.113 or later.

See Also

http://www.nessus.org/u?4ec0c7d8

Plugin Details

Severity: High

ID: 15461

File Name: cactuShop_multiple_flaws.nasl

Version: 1.27

Type: remote

Family: CGI abuses

Published: 10/12/2004

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.3

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: cpe:/a:cactusoft:cactushop

Required KB Items: www/ASP

Exploit Available: true

Exploit Ease: No exploit is required

Vulnerability Publication Date: 3/31/2004

Reference Information

CVE: CVE-2004-1881, CVE-2004-1882

BID: 10019, 10020

CWE: 20, 442, 629, 711, 712, 722, 725, 74, 750, 751, 79, 800, 801, 809, 811, 864, 900, 928, 931, 990