SpiderSales Shopping Cart SQL injection

critical Nessus Plugin ID 12088

Synopsis

The remote web application is vulnerable to an injection attack.

Description

The remote host is running the SpiderSales Shopping Cart CGI suite.

A bug in this suite may allow an attacker to force it to execute arbitrary SQL statements on the remote host. An attacker may use this flaw to gain control of the remote website and possibly execute arbitrary commands on the remote host.

Solution

Disable this suite or upgrade to the latest version.

See Also

http://www.s-quadra.com/advisories/Adv-20040303.txt

Plugin Details

Severity: Critical

ID: 12088

File Name: spidersales_sql_injection.nasl

Version: 1.15

Type: remote

Family: CGI abuses

Published: 3/4/2004

Updated: 1/19/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 8.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

Required KB Items: www/ASP

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Ease: No exploit is required

Vulnerability Publication Date: 3/5/2004

Reference Information

CVE: CVE-2004-0348

BID: 9799