发布时间 :2005-05-02 00:00:00
修订时间 :2016-10-17 23:16:46

[原文]CubeCart 2.0.6 allows remote attackers to obtain sensitive information via an invalid (1) language parameter to index.php, (2) PHPSESSID parameter to index.php, (3) product parameter to tellafriend.php, (4) add parameter to view_cart.php, or (5) product parameter to view_product.php, which reveals the path in a PHP error message.

[CNNVD]CubeCart SQL注入漏洞(CNNVD-200505-328)

        CubeCart 2.0.6允许远程攻击者通过无效的(1)index.php的language参数,(2)index.php的PHPSESSID参数,(3)tellafriend.php的product参数,(4)view_cart.php的add参数或者(5)view_product.php的product参数来获取敏感信息,从而在PHP出错信息中透露路径。

- CVSS (基础分值)

CVSS分值: 5 [中等(MEDIUM)]
机密性影响: [--]
完整性影响: [--]
可用性影响: [--]
攻击复杂度: [--]
攻击向量: [--]
身份认证: [--]

- CPE (受影响的平台与产品)


- OVAL (用于检测的技术细节)


- 官方数据库链接
(官方数据源) MITRE
(官方数据源) NVD
(官方数据源) CNNVD

- 其它链接及资源
(UNKNOWN)  BUGTRAQ  20050406 [NOBYTES.COM: #6] CubeCart 2.0.6 - Information Disclosure

- 漏洞信息

CubeCart SQL注入漏洞
中危 输入验证
2005-05-02 00:00:00 2005-10-20 00:00:00
        CubeCart 2.0.6允许远程攻击者通过无效的(1)index.php的language参数,(2)index.php的PHPSESSID参数,(3)tellafriend.php的product参数,(4)view_cart.php的add参数或者(5)view_product.php的product参数来获取敏感信息,从而在PHP出错信息中透露路径。

- 公告与补丁


- 漏洞信息

CubeCart index.php Multiple Variable Path Disclosure
Remote / Network Access Input Manipulation
Loss of Confidentiality
Exploit Public Vendor Verified

- 漏洞描述

CubeCart contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker provides malformed input to the index.php script, which will disclose the installation path resulting in a loss of confidentiality.

- 时间线

2005-04-06 2005-03-05
2005-04-06 Unknow

- 解决方案

Upgrade to version 2.0.7 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- 相关参考

- 漏洞作者

- 漏洞信息

CubeCart Multiple SQL Injection Vulnerabilities
Input Validation Error 13050
Yes No
2005-04-06 12:00:00 2009-07-12 12:56:00
Discovery of these issues is credited to "John Cobb" <>.

- 受影响的程序版本

Brooky CubeCart 2.0.6
Brooky CubeCart 2.0.5
Brooky CubeCart 2.0.4
Brooky CubeCart 2.0.3
Brooky CubeCart 2.0.2
Brooky CubeCart 2.0.1
Brooky CubeCart 2.0 .0

- 漏洞讨论

CubeCart is reported prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries.

These issues affect the 'index.php', 'tellafriend.php', 'view_cart.php', and 'view_product.php' script.

These vulnerabilities could permit remote attackers to pass malicious input to database queries, resulting in modification of query logic or other attacks.

Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation. This is not confirmed.

- 漏洞利用

The following examples are available:;PHPSESSID=';product='''

- 解决方案

Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: <>.

- 相关参考