No avatar

2005-06-03 06:05

Quick.Cart index.php iCategory Variable SQL Injection
Posted on 11 May 2005

Vulnerability Description

Quick.Cart contains a flaw that may allow an attacker to inject arbitrary SQL queries. The issue is due to the 'iCategory' variable in the 'index.php' script not being properly sanitized and may allow an attacker to inject or manipulate SQL queries.

Manual Testing Notes


Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Open Solution Quick.Cart 0.3 Affected

Vulnerability classification:
Remote vulnerability
Input manipulation attack
Impact on integrity
Exploit available

External references:
Secunia Advisory ID: 15297
Other Advisory URL: go there
Vendor URL: go there
Related OSVDB ID: 16330
CVE ID: 2005-1588



No avatar

2005-06-03 08:39

Its a bit difficult to inject or manipulate SQL on a flat file system!!


No avatar

2005-06-04 07:58

Quote: Its a bit difficult to inject or manipulate SQL on a flat file system!!

But is it still possable for the hackers to get in little lone it might be difficult.
My question is can injection or manipulation still be done buy someone that knows the codeing well?
If so what version would people recomend 2.3/2.5 ?till there is a patch for it as i want to be 100% safe not 99.9 as that 0.1% of hackers that know what they are doing can make life hell.

And can you still download 2.3?

Back to top
about us | contact