Synopsis :

The remote web server contains a PHP application affected by several
flaws.

Description :

The remote host is running X-Cart, a PHP-based shopping cart system.

The version installed on the remote host suffers from numerous SQL
injection and cross-site scripting vulnerabilities. Attackers can
exploit the former to influence database queries, resulting possibly
in a compromise of the affected application, disclosure of sensitive
data, or even attacks against the underlying database. And
exploitation of the cross-site scripting flaws can be used to steal
cookie-based authentication credentials and perform similar attacks.

See also :

http://www.securityfocus.com/archive/1/401035/30/0/threaded

Solution :

Unknown at this time.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 7.5
(CVSS2#E:H/RL:U/RC:C)
Public Exploit Available : true