SECURITY

CATA

2005-06-03 06:05

Quick.Cart index.php iCategory Variable SQL Injection
Posted on 11 May 2005

Vulnerability Description

Quick.Cart contains a flaw that may allow an attacker to inject arbitrary SQL queries. The issue is due to the 'iCategory' variable in the 'index.php' script not being properly sanitized and may allow an attacker to inject or manipulate SQL queries.

Manual Testing Notes

http://[victim]/index.php?p=productsList&iCategory=7%20or%201=1

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Products:
Open Solution Quick.Cart 0.3: Affected

Vulnerability classification:
Remote vulnerability
Input manipulation attack
Impact on integrity
Exploit available
Verified

External references:
Secunia Advisory ID: 15297
Other Advisory URL: go there
Vendor URL: go there
Related OSVDB ID: 16330
CVE ID: CVE-2005-1588

CATALIN
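Added example, not code from the advisory above or from Quick.Cart itself: a small Python/SQLite model of what the test URL in the Manual Testing Notes does when the iCategory value is spliced into a SQL statement, beside a hardened lookup that validates and binds the value. The `products` table, the `make_db`/`products_vulnerable`/`products_hardened` helpers and the hostname are constructed for illustration; that Quick.Cart 0.3 builds a SQL query from iCategory at all is the advisory's claim, not something this page shows.

```python
"""Model of the advisory's `iCategory=7%20or%201=1` test against a query
that interpolates the parameter (vulnerable) and one that binds it (hardened).
Constructed example: the schema, data and helper names are assumptions."""
from __future__ import annotations

import sqlite3
from urllib.parse import parse_qs, urlsplit


def make_db() -> sqlite3.Connection:
    # Constructed sample catalogue: two products in category 7, one in 9.
    con = sqlite3.connect(":memory:")
    con.execute(
        "CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT, category INTEGER)"
    )
    con.executemany(
        "INSERT INTO products (name, category) VALUES (?, ?)",
        [("book", 7), ("pen", 7), ("lamp", 9)],
    )
    con.commit()
    return con


def category_from_url(url: str) -> str:
    """Return the raw iCategory value as index.php would see it in $_GET
    (percent-decoded, so `7%20or%201=1` becomes `7 or 1=1`)."""
    query = parse_qs(urlsplit(url).query)
    return query.get("iCategory", [""])[0]


def products_vulnerable(con: sqlite3.Connection, icategory: str) -> list[str]:
    """Unsanitised lookup: the value is pasted into the SQL text, so
    `7 or 1=1` turns the WHERE clause into a tautology and every row matches."""
    sql = f"SELECT name FROM products WHERE category = {icategory}"
    return [row[0] for row in con.execute(sql)]


def products_hardened(con: sqlite3.Connection, icategory: str) -> list[str]:
    """Hardened lookup: accept only a plain decimal integer, then pass it as a
    bound parameter so the database never parses attacker text as SQL."""
    if not icategory.isdecimal():
        raise ValueError(f"iCategory must be an integer, got {icategory!r}")
    sql = "SELECT name FROM products WHERE category = ?"
    return [row[0] for row in con.execute(sql, (int(icategory),))]


if __name__ == "__main__":
    db = make_db()
    # Hostname is a placeholder standing in for [victim] in the advisory.
    payload = category_from_url(
        "http://victim.example/index.php?p=productsList&iCategory=7%20or%201=1"
    )
    print("decoded iCategory:", payload)
    print("vulnerable query returns:", products_vulnerable(db, payload))
    print("hardened query, benign value:", products_hardened(db, "7"))
    try:
        products_hardened(db, payload)
    except ValueError as err:
        print("hardened query rejected payload:", err)
```

The vulnerable path returns the whole catalogue for the tautology payload; the hardened path returns only category 7 for a legitimate value and refuses the payload before any SQL runs. The integer check is what makes the unquoted numeric context safe; quoting the value would not, since the advisory's payload needs no quote character at all.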

wizzud

2005-06-03 08:39

It's a bit difficult to inject or manipulate SQL on a flat file system!!

skippymon

2005-06-04 07:58

Quote: It's a bit difficult to inject or manipulate SQL on a flat file system!!

But is it still possible for the hackers to get in, even if it might be difficult?
My question is: can injection or manipulation still be done by someone who knows the coding well?
If so, what version would people recommend, 2.3/2.5? Till there is a patch for it, as I want to be 100% safe, not 99.9%, as that 0.1% of hackers who know what they are doing can make life hell.

And can you still download 2.3?
