CVE-2006-4267 - Input Validation vulnerability in CubeCart
CVSS metrics

Metric | Value |
---|---|
Attack vector | NETWORK |
Attack complexity | LOW |
Privileges required | NONE |
Confidentiality impact | PARTIAL |
Integrity impact | PARTIAL |
Availability impact | PARTIAL |
Summary
Multiple SQL injection vulnerabilities in CubeCart 3.0.11 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) oid parameter in modules/gateway/Protx/confirmed.php and the (2) x_invoice_num parameter in modules/gateway/Authorize/confirmed.php.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 6 |
Exploit-Db
description | CubeCart <= 3.0.11 (oid) Remote Blind SQL Injection Exploit. CVE-2006-4267. Webapps exploit for php platform |
id | EDB-ID:2198 |
last seen | 2016-01-31 |
modified | 2006-08-17 |
published | 2006-08-17 |
reporter | rgod |
source | https://www.exploit-db.com/download/2198/ |
title | CubeCart <= 3.0.11 oid Remote Blind SQL Injection Exploit |
Nessus
NASL family | CGI abuses |
NASL id | CUBECART_3012.NASL |
description | The version of CubeCart installed on the remote host fails to properly sanitize user-supplied input to several parameters and scripts before using it in database queries and to generate dynamic web content. An unauthenticated attacker may be able to exploit these issues to conduct SQL injection and cross-site scripting attacks against the affected application. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 22231 |
published | 2006-08-17 |
reporter | This script is Copyright (C) 2006-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/22231 |
title | CubeCart < 3.0.12 Multiple Vulnerabilities (SQLi, XSS) |
References
- http://bugs.cubecart.com/?do=details&id=523
- http://retrogod.altervista.org/cubecart_3011_adv.html
- http://retrogod.altervista.org/cubecart_3011_sql.html
- http://retrogod.altervista.org/cubecart_3011_sql_mqg_bypass.html
- http://secunia.com/advisories/21538
- http://securityreason.com/securityalert/1429
- http://securitytracker.com/id?1016708
- http://www.cubecart.com/site/forums/index.php?showtopic=21247
- http://www.osvdb.org/27984
- http://www.osvdb.org/27985
- http://www.securityfocus.com/archive/1/443476/100/0/threaded
- http://www.securityfocus.com/bid/19563
- http://www.vupen.com/english/advisories/2006/3314
- https://exchange.xforce.ibmcloud.com/vulnerabilities/28428