Search...

CVE-2002-1352

2003-09-17T00:00:00

ID CVE-2002-1352
Type cve
Reporter NVD
Modified 2008-09-10T15:14:23

Description

Per Magne Knutsen's CartMan shopping cart (cartman.php) 1.04 and earlier allows remote attackers to modify product prices by changing the price parameter.

JSON Vulners Source

Initial Source

{"modified": "2008-09-10T15:14:23", "id": "CVE-2002-1352", "edition": 1, "objectVersion": "1.2", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2002-1352", "cvelist": ["CVE-2002-1352"], "references": ["http://securitytracker.com/id?1005829"], "bulletinFamily": "NVD", "cpe": ["cpe:/a:per_magne_knutsen:cartman:1.04"], "title": "CVE-2002-1352", "published": "2003-09-17T00:00:00", "viewCount": 0, "type": "cve", "lastseen": "2016-09-03T03:35:51", "description": "Per Magne Knutsen's CartMan shopping cart (cartman.php) 1.04 and earlier allows remote attackers to modify product prices by changing the price parameter.", "hash": "d5840050c1c0cfe66dd242c245f0832a69c9e4e729fea9f16d42da32a1d54ef1", "reporter": "NVD", "scanner": [], "assessment": {"system": "", "name": "", "href": ""}, "enchantments": {"score": {"value": 5.0, "vector": "NONE", "modified": "2016-09-03T03:35:51"}, "vulnersScore": 5.0}}

{"osvdb": [{"lastseen": "2017-04-28T13:20:02", "references": [], "edition": 1, "description": "## Vulnerability Description\nCartman contains a flaw that may allow a malicious user to buy a product with an arbitrary price. The issue is due to insufficient checks on the price parameter. By submitting a specially crafted request, a remote attacker can purchase products with any price desired, resulting in a loss of integrity.\n## Solution Description\nCurrently, there are no known workarounds or upgrades to correct this issue. However, Per Magne Knutsens has released a patch to address this vulnerability.\n## Short Description\nCartman contains a flaw that may allow a malicious user to buy a product with an arbitrary price. The issue is due to insufficient checks on the price parameter. By submitting a specially crafted request, a remote attacker can purchase products with any price desired, resulting in a loss of integrity.\n## Manual Testing Notes\nhttp://[victim]/cartman.php?action=add&id=1234&descr=My%20Product&price=1&quantity=1\n## References:\nSecurity Tracker: 1005829\nOther Advisory URL: http://www.idefense.com/application/poi/display?id=32&type=vulnerabilities&flashstatus=false\nISS X-Force ID: 4621\n[CVE-2002-1352](https://vulners.com/cve/CVE-2002-1352)\n", "reporter": "Steven Dowd(steven.dowd@dowd.co.uk)", "published": "2002-12-18T00:00:00", "title": "Per Magne Knutsens CartMan Price Modification", "type": "osvdb", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "affectedSoftware": [{"name": "CartMan", "version": "1.04", "operator": "eq"}], "bulletinFamily": "software", "cvelist": ["CVE-2002-1352"], "modified": "2002-12-18T00:00:00", "id": "OSVDB:7663", "href": "https://vulners.com/osvdb/OSVDB:7663", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}]}