Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
openvasCopyright (C) 2009 Greenbone AGOPENVAS:1361412562310100360
HistoryNov 24, 2009 - 12:00 a.m.

CubeCart 'productId' SQL Injection Vulnerability

2009-11-2400:00:00
Copyright (C) 2009 Greenbone AG
plugins.openvas.org
4

7.1 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.003 Low

EPSS

Percentile

65.8%

JSON

CubeCart is prone to an SQL-injection vulnerability because it fails
to sufficiently sanitize user-supplied data before using it in an SQL query.

# SPDX-FileCopyrightText: 2009 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

CPE = "cpe:/a:cubecart:cubecart";

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.100360");
  script_version("2024-03-01T14:37:10+0000");
  script_cve_id("CVE-2009-4060");
  script_tag(name:"last_modification", value:"2024-03-01 14:37:10 +0000 (Fri, 01 Mar 2024)");
  script_tag(name:"creation_date", value:"2009-11-24 12:49:20 +0100 (Tue, 24 Nov 2009)");
  script_tag(name:"cvss_base", value:"7.5");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_name("CubeCart 'productId' SQL Injection Vulnerability");
  script_category(ACT_GATHER_INFO);
  script_family("Web application abuses");
  script_copyright("Copyright (C) 2009 Greenbone AG");
  script_dependencies("secpod_cubecart_detect.nasl");
  script_mandatory_keys("cubecart/installed");

  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/37065");
  script_xref(name:"URL", value:"http://forums.cubecart.com/index.php?showtopic=39900");

  script_tag(name:"summary", value:"CubeCart is prone to an SQL-injection vulnerability because it fails
  to sufficiently sanitize user-supplied data before using it in an SQL query.");

  script_tag(name:"impact", value:"Exploiting this issue could allow an attacker to compromise the
  application, access or modify data, or exploit latent vulnerabilities in the underlying database.");

  script_tag(name:"affected", value:"The issue affects CubeCart 4.3.6. Prior versions may also be affected.");

  script_tag(name:"solution", value:"The vendor has released updates. Please see the references for
  details.");

  script_tag(name:"qod_type", value:"remote_banner");
  script_tag(name:"solution_type", value:"VendorFix");

  exit(0);
}

include("host_details.inc");
include("version_func.inc");

if( ! port = get_app_port( cpe:CPE ) )
  exit( 0 );

if( ! vers = get_app_version( cpe:CPE, port:port ) )
  exit( 0 );

if( version_in_range( version:vers, test_version:"4.3.0", test_version2:"4.3.6" ) ) {
  report = report_fixed_ver( installed_version:vers, fixed_version:"4.3.7" );
  security_message( port:port, data:report );
  exit( 0 );
}

exit( 99 );

Related

openvas 1
prion 1
nessus 1
cve 1
openvas
openvas
CubeCart 'productId' SQL Injection Vulnerability
2009-11-24 00:00:00
prion
prion
Sql injection
2009-11-24 02:30:00
nessus
nessus
CubeCart includes/content/viewProd.inc.php productId Parameter SQL Injection
2009-11-24 00:00:00
cve
cve
CVE-2009-4060
2009-11-24 02:30:00

7.1 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.003 Low

EPSS

Percentile

65.8%

JSON
Related for OPENVAS:1361412562310100360
openvas1prion1nessus1cve1