CVE-2014-8305 - Remote Security vulnerability in C97 Cart Engine 3.0

047910
CVSS 6.4 - MEDIUM
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: PARTIAL
Integrity impact: PARTIAL
Availability impact: NONE
Tags: network, low complexity, c97, exploit available

Summary

Open redirect vulnerability in the redir function in includes/function.php in C97net Cart Engine before 4.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the HTTP Referer header to (1) index.php, (2) cart.php, (3) msg.php, or (4) page.php. CWE-601: URL Redirection to Untrusted Site ('Open Redirect') (http://cwe.mitre.org/data/definitions/601.html)

Vulnerable Configurations

Part         Description  Count
Application  C97          1

D2sec

name: Cart Engine 3.0 SQL Injection
url: http://www.d2sec.com/exploits/cart_engine_3.0_sql_injection.html

Exploit-Db

description: Cart Engine 3.0 - Multiple Vulnerabilities. CVE-2014-8305, CVE-2014-8306, CVE-2014-8307. Webapps exploit for php platform
id: EDB-ID:34764
last seen: 2016-02-03
modified: 2014-09-25
published: 2014-09-25
reporter: Quantum Leap
source: https://www.exploit-db.com/download/34764/
title: Cart Engine 3.0 - Multiple Vulnerabilities