|
|
>> Comersus Cart BackOffice Lite Multiple Security Vulnerabilities
|
Several vulnerabilities were reported in Comersus Cart, which could be exploited by a remote attacker to bypass security features or compromise a vulnerable system. The first flaw resides in the installation file "comersus_backoffice_install10.asp" when setting the admin session value, which may allow attackers to log in as administrators and bypassing security checks. The second vulnerability is due to an input validation error in the "/store/default.asp" script which could be exploited to execute arbitrary SQL commands. The third issue is due to a weakly password encryption method (the Encryption Key is stored with password). The fourth vulnerability is due to an input validation error in the "comersus_supportError.asp" and "comersus_backofficelite_supportError.asp" when processing error messages, which could be exploited to conduct Cross Site Scripting attacks.
Affected Products
Comersus Cart BackOffice Lite 6.01
Comersus Cart BackOffice Lite 6.0
Solution
Comersus Cart BackOffice Lite 6.02
http://www.comersus.org
References
http://www.vupen.com/english/advisories/2005/0051
http://www.comersus.org/forum/displayMessage.asp?mid=32753
Credits
Vulnerability reported by raf somers
ChangeLog
2005-01-23 : Initial release
2005-02-11 : Updated CVE
Vulnerability Management
Subscribe to VUPEN VNS and receive real-time e-mail and SMS alerts when new advisories or patches relevant to your systems and network configurations are available.
Feedback
If you have additional information or corrections for this security advisory please submit them via our contact form. | |
|
