ProductCart Multiple Input Validation Vulnerabilities

high Nessus Plugin ID 17971

Synopsis

The remote web server contains an ASP script that is affected by several flaws.

Description

The remote host is running a version of the ProductCart shopping cart software that suffers from several input validation vulnerabilities:

- SQL Injection Vulnerabilities: The 'advSearch_h.asp' script fails to sanitize user input to the 'idCategory' and 'resultCnt' parameters, allowing an attacker to manipulate SQL queries.

- Multiple Cross-Site Scripting Vulnerabilities: The application fails to sanitize user input via the 'redirectUrl' parameter of the 'NewCust.asp' script, the 'country' parameter of the 'storelocator_submit.asp' script, the 'error' parameter of the 'techErr.asp' script, and the 'keyword' parameter of the 'advSearch_h.asp' script before using it in dynamically generated web content. An attacker can exploit these flaws to cause arbitrary HTML and script code to be executed in a user's browser in the context of the affected website.

Solution

Unknown at this time.

Plugin Details

Severity: High

ID: 17971

File Name: productcart_multiple_input_vulns.nasl

Version: 1.23

Type: remote

Family: CGI abuses

Published: 4/6/2005

Updated: 1/19/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.6

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.9

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

Required KB Items: www/ASP

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Ease: No exploit is required

Vulnerability Publication Date: 4/4/2005

Reference Information

CVE: CVE-2005-0994, CVE-2005-0995

BID: 12990

CWE: 20, 442, 629, 711, 712, 722, 725, 74, 750, 751, 79, 800, 801, 809, 811, 864, 900, 928, 931, 990