Multiple vulnerabilities in Simple PHP Shopping Cart

Posted date 13/05/2024
Importance
5 - Critical
Affected Resources

Simple PHP Shopping Cart, version 0.9.

Description

INCIBE has coordinated the publication of 9 vulnerabilities, 5 of critical severity and 4 of medium severity, affecting Asaancart Simple PHP Shopping Cart, version 0.9, a shopping cart solution specially developed for small and medium-sized companies. The vulnerabilities were discovered by Rafael Pedrero.

Each vulnerability has been assigned the following code, CVSS v3.1 base score, CVSS vector and CWE vulnerability type:

  • CVE-2024-4826: 9.8 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | CWE-89
  • CVE-2024-4827 to CVE-2024-4830: 9.4 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L | CWE-89
  • CVE-2024-4831 to CVE-2024-4834: 6.3 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L | CWE-79

Solution

There is no reported solution at this time.

Detail

  • CVE-2024-4826: SQL injection vulnerability in Simple PHP Shopping Cart affecting version 0.9. This vulnerability could allow an attacker to retrieve all the information stored in the database by sending a specially crafted SQL query, due to the lack of proper sanitisation of the category_id parameter in the category.php file.
  • Vulnerability in Simple PHP Shopping Cart 0.9 that allows SQL injection. An attacker could exploit this vulnerability by sending a specially crafted SQL query to the application and retrieving all the information stored on the server. The list of assigned CVEs is as follows:
    • CVE-2024-4827: /shop/cart.php, product_id and product_name parameters.
    • CVE-2024-4828: /shop/image_viewer.php, product_id parameter.
    • CVE-2024-4829: /shop/page.php, page_id parameter.
    • CVE-2024-4830: /shop/product.php, product_id parameter.
  • Vulnerability in Simple PHP Shopping Cart 0.9 that could allow XSS. An attacker could exploit this vulnerability by sending a crafted URL to an authenticated victim and partially hijacking their browser session. The list of assigned CVEs is as follows:
    • CVE-2024-4831: /shop/category.php, category_name parameter.
    • CVE-2024-4832: /shop/image_viewer.php, current_image parameter.
    • CVE-2024-4833: /shop/page.php, page_name parameter.
    • CVE-2024-4834: /shop/cart.php, product_name parameter.
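
The log check below is an added example, not part of the INCIBE advisory or the product's code. Since no solution is reported, it flags access-log requests to the endpoints and parameters listed above whose values look abnormal. It assumes a combined-format access log, integer-only id parameters and name parameters that never legitimately contain quotes or angle brackets; the sample lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Endpoints and parameters named in the advisory (CVE-2024-4826 to CVE-2024-4834).
# The "id" / "text" kinds are assumptions of this example, not stated by the advisory.
WATCH = {
    "/shop/category.php": {"category_id": "id", "category_name": "text"},
    "/shop/cart.php": {"product_id": "id", "product_name": "text"},
    "/shop/image_viewer.php": {"product_id": "id", "current_image": "text"},
    "/shop/page.php": {"page_id": "id", "page_name": "text"},
    "/shop/product.php": {"product_id": "id"},
}
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[0-9.]+"')
ID_OK = re.compile(r"[0-9]+")      # assumption: ids are plain integers
TEXT_BAD = re.compile(r"[<>\"']")  # assumption: never legitimate in these names

def suspicious_params(log_line):
    """Return the watched query parameters in one log line whose value looks abnormal."""
    m = REQUEST.search(log_line)
    if not m:
        return []
    url = urlsplit(m.group(1))
    rules = next((r for ep, r in WATCH.items() if url.path.endswith(ep)), {})
    hits = []
    # parse_qsl percent-decodes values; POST bodies are not in access logs, so not covered.
    for key, value in parse_qsl(url.query, keep_blank_values=True):
        kind = rules.get(key)
        if kind == "id" and not ID_OK.fullmatch(value):
            hits.append(key)
        elif kind == "text" and TEXT_BAD.search(value):
            hits.append(key)
    return hits

def triage(lines):
    """Return (1-based line number, flagged parameters) for every suspicious line."""
    found = [(n, suspicious_params(line)) for n, line in enumerate(lines, 1)]
    return [(n, hits) for n, hits in found if hits]

# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE = [
    '203.0.113.7 - - [13/May/2024:10:00:01 +0000] "GET /shop/product.php?product_id=12 HTTP/1.1" 200 5120',
    '203.0.113.7 - - [13/May/2024:10:00:05 +0000] "GET /shop/category.php?category_id=3%27 HTTP/1.1" 200 812',
    '198.51.100.4 - - [13/May/2024:10:01:10 +0000] "GET /shop/page.php?page_id=2&page_name=%3Cb%3Eabout HTTP/1.1" 200 2048',
    '198.51.100.4 - - [13/May/2024:10:02:00 +0000] "GET /index.php?product_id=x HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    for n, hits in triage(SAMPLE):
        print(f"line {n}: review {', '.join(hits)}")
```

A flagged line is a prompt for review, not proof of exploitation; legitimate values that break the stated assumptions will also be flagged.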