Description
Multiple SQL injection vulnerabilities in Pentasoft Avactis Shopping Cart 1.9.1 build 8356 free edition and earlier allow remote attackers to execute arbitrary SQL commands via the User-Agent header to (1) index.php and (2) product-list.php.
Affected products
- avactis / avactis_shopping_cart 1.9.1
- avactis / avactis_shopping_cart 1.8.0 – 1.8.0
- avactis / avactis_shopping_cart 1.8.1 – 1.8.1
- avactis / avactis_shopping_cart 1.8.2 – 1.8.2
- avactis / avactis_shopping_cart 1.9.0 – 1.9.0
References
- MISC: http://www.osvdb.org/68647
- VENDOR_ADVISORY: http://secunia.com/advisories/41764
- MISC: http://www.securityfocus.com/bid/44104
- MISC: https://exchange.xforce.ibmcloud.com/vulnerabilities/62559
- MISC: http://www.avactis.com/forums/index.php?showtopic=5317
- MISC: http://holisticinfosec.org/content/view/159/45/
- MISC: http://www.osvdb.org/68646