This script is Copyright (C) 2005-2011 Tenable Network Security, Inc.
The remote web server contains a PHP application affected by several
The remote host is running X-Cart, a PHP-based shopping cart system.
The version installed on the remote host suffers from numerous SQL
injection and cross-site scripting vulnerabilities. Attackers can
exploit the former to influence database queries, resulting possibly
in a compromise of the affected application, disclosure of sensitive
data, or even attacks against the underlying database. And
exploitation of the cross-site scripting flaws can be used to steal
cookie-based authentication credentials and perform similar attacks.
See also :
Unknown at this time.
Risk factor :
High / CVSS Base Score : 7.5
CVSS Temporal Score : 7.5
Public Exploit Available : true