Comersus Cart < 7.099 Remote Password Disclosure

high Nessus Network Monitor Plugin ID 4812

Synopsis

The remote web application allows unauthorized access to other user accounts.

Description

The installed version of Comersus Cart on the remote host suffers from a flaw where registered users can modify the email address and password of other users. The root cause is a failure of the 'comersus_customerModifyExec.asp' script to sanitize user-supplied input. An attacker exploiting this flaw would be able to change the credentials of other users.

Solution

Upgrade to version 7.099 or higher.

See Also

http://www.comersus.com

Plugin Details

Severity: High

ID: 4812

Family: CGI

Published: 1/14/2009

Updated: 3/6/2019

Reference Information

BID: 33217