PHPCart - Input Validation
| EKU-ID: 30891 | CVE: CVE-2005-1398;OSVDB-15859 | OSVDB-ID: |
| Author: Lostmon | Published: 2005-04-27 | Verified:
 |
| Download: | ||
Rating☆☆☆☆☆ |
| EKU-ID: 30891 | CVE: CVE-2005-1398;OSVDB-15859 | OSVDB-ID: |
| Author: Lostmon | Published: 2005-04-27 | Verified:
|
| Download: | ||
Rating☆☆☆☆☆ |
source: https://www.securityfocus.com/bid/13406/info PHPCart is prone to a remote input validation vulnerability. The issue exists because the software fails to sufficiently sanitize URI parameter data that is employed when computing product charges. A remote attacker may exploit this issue to manipulate invoice and payment charges for a specific PHPCart order. http://www.example.com/phpcart.php?action=add&id=1002&descr=Mobile%20Phone&price=0&postage=&quantity=100