ID: CVE-2002-1352
Type: cve
Reporter: NVD
Modified: 2008-09-10T15:14:23
Description
Per Magne Knutsen's CartMan shopping cart (cartman.php) 1.04 and earlier allows remote attackers to modify product prices by changing the price parameter.
{"result": {"osvdb": [{"id": "OSVDB:7663", "type": "osvdb", "title": "Per Magne Knutsens CartMan Price Modification", "description": "## Vulnerability Description\nCartman contains a flaw that may allow a malicious user to buy a product with an arbitrary price. The issue is due to insufficient checks on the price parameter. By submitting a specially crafted request, a remote attacker can purchase products with any price desired, resulting in a loss of integrity.\n## Solution Description\nCurrently, there are no known workarounds or upgrades to correct this issue. However, Per Magne Knutsens has released a patch to address this vulnerability.\n## Short Description\nCartman contains a flaw that may allow a malicious user to buy a product with an arbitrary price. The issue is due to insufficient checks on the price parameter. By submitting a specially crafted request, a remote attacker can purchase products with any price desired, resulting in a loss of integrity.\n## Manual Testing Notes\nhttp://[victim]/cartman.php?action=add&id=1234&descr=My%20Product&price=1&quantity=1\n## References:\nSecurity Tracker: 1005829\nOther Advisory URL: http://www.idefense.com/application/poi/display?id=32&type=vulnerabilities&flashstatus=false\nISS X-Force ID: 4621\n[CVE-2002-1352](https://vulners.com/cve/CVE-2002-1352)\n", "published": "2002-12-18T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "https://vulners.com/osvdb/OSVDB:7663", "cvelist": ["CVE-2002-1352"], "lastseen": "2017-04-28T13:20:02"}]}}