PHPCart - Input Validation

2005-04-27T00:00:00
ID EXPLOITPACK:498C0D910536DB72C42178DCD67EE812
Type exploitpack
Reporter Lostmon
Modified 2005-04-27T00:00:00

Description

PHPCart - Input Validation

                                        
                                            source: https://www.securityfocus.com/bid/13406/info

PHPCart is prone to a remote input validation vulnerability. The issue exists because the software fails to sufficiently sanitize URI parameter data that is employed when computing product charges.

A remote attacker may exploit this issue to manipulate invoice and payment charges for a specific PHPCart order. 

http://www.example.com/phpcart.php?action=add&id=1002&descr=Mobile%20Phone&price=0&postage=&quantity=100