AsaanCart Multiple Input Validation Vulnerabilities Network Vulnerability

Summary

asaanCart is prone to multiple input-validation vulnerabilities, including: 1. Multiple HTML-injection vulnerabilities 2. A local file-include vulnerability 3. A cross-site scripting vulnerability Exploiting these issues could allow an attacker to execute arbitrary script code in the browser, steal cookie-based authentication credentials, control how the site is rendered to the user, view files, and execute local scripts. asaanCart 0.9 is vulnerable other versions may also be affected.

References

http://asaancart.wordpress.com
http://sourceforge.net/projects/asaancart/
http://www.securityfocus.com/bid/52498

Updated on 2015-03-25

Severity

Classification

CVE CVE-2012-5330, CVE-2012-5331
CVSS Base Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Apache mod_proxy_ajp Information Disclosure Vulnerability
Apache Tomcat Information Disclosure Vulnerability
AN Guestbook Local File Inclusion Vulnerability
Apache Struts2/XWork Remote Command Execution Vulnerability
Apache Struts2 showcase namespace XSS Vulnerability

asaanCart Multiple Input Validation Vulnerabilities

Take action and discover your vulnerabilities