CVE-2004-0682 - Multiple vulnerabilities in Comersus Open Technologies Comersus Cart 5.0.9
Attack vector | NETWORK |
Attack complexity | LOW |
Privileges required | NONE |
Confidentiality impact | PARTIAL |
Integrity impact | PARTIAL |
Availability impact | PARTIAL |
Summary
comersus_gatewayPayPal.asp in Comersus Cart 5.09, and possibly other versions before 5.098, allows remote attackers to change the prices of items by directly modifying them in the URL.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 1 |
Exploit-Db
description | Comersus Open Technologies Comersus 5.0 comersus_gatewayPayPal.asp Price Manipulation. CVE-2004-0682. Webapps exploit for asp platform |
id | EDB-ID:24260 |
last seen | 2016-02-02 |
modified | 2004-07-07 |
published | 2004-07-07 |
reporter | Thomas Ryan |
source | https://www.exploit-db.com/download/24260/ |
title | Comersus Open Technologies Comersus 5.0 comersus_gatewayPayPal.asp Price Manipulation |
Nessus
NASL family | CGI abuses |
NASL id | COMERSUS_SQL_INJECTION.NASL |
description | The remote host is running the Comersus Shopping Cart Software. There is a flaw in this interface that allows an attacker to log in as any user by using a SQL injection flaw in the code of comersus_backoffice_login.php. An attacker may use this flaw to gain unauthorized access on this host, or to gain the control of the remote database. In addition to this, the remote version of this software may be vulnerable to other issues (see BID 10674). |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 14183 |
published | 2004-08-02 |
reporter | This script is Copyright (C) 2004-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/14183 |
title | Comersus Cart Multiple Input Validation Vulnerabilities (SQLi, XSS) |