FishCart SQL injections

Summary
FishCart, in use since January 1998, is a proven Open Source e-commerce system for products, services, online payment and online donation management. Written in PHP4, FishCart has been tested on Windows NT, Linux, and various Unix platforms. FishCart presently supports MySQL, PostgreSQL, Solid, Oracle and MSSQL.

FishCart contains multiple SQL injection vulnerabilities that can be exploited to modify, delete or insert entries in the database. In addition, the program suffers from cross-site scripting vulnerabilities.