[原文]** REJECT ** cart.php in LiteCommerce might allow remote attackers to obtain sensitive information via invalid (1) category_id or (2) product_id parameters. NOTE: this issue was originally claimed to be due to SQL injection, but the original researcher is known to be frequently inaccurate with respect to bug type and severity. The vendor has disputed this issue, saying "These reports are credited to malicious person we refused to hire. We have not taken legal action against him only because he is located in India. The vulnerabilites reported can not be reproduced, hence information you provide is contrary to fact." Further investigation by CVE personnel shows that an invalid SQL syntax error could be generated, but it only reveals portions of underlying database structure, which is already available in documentation from the vendor, and it does not appear to lead to path disclosure. Therefore, this issue is not a vulnerability or an exposure, and it probably should be REJECTED.
LiteCommerce contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when an attacker provides malformed data to the 'target' parameter of the cart.php script, which will disclose the source code for the script resulting in a loss of confidentiality.
Currently, there are no known upgrades, patches, or workarounds available to correct this issue.
Discovery is credited to Diabolic Crab dcrab <email@example.com>.
LiteCommerce is reportedly affected by multiple SQL injection vulnerabilities.
These vulnerabilities could permit remote attackers to pass malicious input to database queries, resulting in modification of query logic or other attacks.
Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
All versions of LiteCommerce are considered to be affected at the moment.
An exploit is not required.
The following proof of concept examples are available: