Vulnerability Description
phpcart.php in PHPCart 3.2 allows remote attackers to change product price information by modifying the (1) price or (2) postage parameters. NOTE: it was later reported that 3.4 through 4.6.4 are also affected.
CVSS Score
5.0
MEDIUM
AV:N/AC:L/Au:N/C:N/I:P/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Phpcart | Phpcart | 3.2 |
Related Weaknesses (CWE)
References
- http://lostmon.blogspot.com/2005/04/phpcart-price-manipulation.htmlExploit
- http://secunia.com/advisories/15147Vendor Advisory
- http://www.osvdb.org/15859
- http://www.securityfocus.com/archive/1/495806/100/0/threaded
- http://www.securityfocus.com/bid/13406Exploit
- http://www.securityfocus.com/bid/30887
- https://exchange.xforce.ibmcloud.com/vulnerabilities/44766
- http://lostmon.blogspot.com/2005/04/phpcart-price-manipulation.htmlExploit
- http://secunia.com/advisories/15147Vendor Advisory
- http://www.osvdb.org/15859
- http://www.securityfocus.com/archive/1/495806/100/0/threaded
- http://www.securityfocus.com/bid/13406Exploit
- http://www.securityfocus.com/bid/30887
- https://exchange.xforce.ibmcloud.com/vulnerabilities/44766
FAQ
What is CVE-2005-1398?
CVE-2005-1398 is a vulnerability with a CVSS score of 5.0 (MEDIUM). phpcart.php in PHPCart 3.2 allows remote attackers to change product price information by modifying the (1) price or (2) postage parameters. NOTE: it was later reported that 3.4 through 4.6.4 are als...
How severe is CVE-2005-1398?
CVE-2005-1398 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2005-1398?
Check the references section above for vendor advisories and patch information. Affected products include: Phpcart Phpcart.