Detections
Analytics
Qualiteam X-Cart Multiple Vulnerabilities
high Nessus Plugin ID 18419
Language:
Synopsis
The remote web server contains a PHP application affected by several flaws.Description
The remote host is running X-Cart, a PHP-based shopping cart system.The version installed on the remote host suffers from numerous SQL injection and cross-site scripting vulnerabilities. Attackers can exploit the former to influence database queries, resulting possibly in a compromise of the affected application, disclosure of sensitive data, or even attacks against the underlying database. And exploitation of the cross-site scripting flaws can be used to steal cookie-based authentication credentials and perform similar attacks.
Solution
Unknown at this time.See Also
https://www.securityfocus.com/archive/1/401035/30/0/threaded
Plugin Details
Severity: High
ID: 18419
File Name: qualiteam_xcart_sql_xss.nasl
Version: 1.19
Type: remote
Family: CGI abuses
Published: 6/6/2005
Updated: 1/19/2021
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 6.6
CVSS v2
Risk Factor: High
Base Score: 7.5
Temporal Score: 5.9
Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P
Vulnerability Information
Required KB Items: www/PHP
Excluded KB Items: Settings/disable_cgi_scanning
Exploit Ease: No exploit is required
Vulnerability Publication Date: 5/30/2005
Reference Information
CVE: CVE-2005-1822, CVE-2005-1823
BID: 13817