oss-sec mailing list archives

Re: CVE-Request -- Zeuscart v. 4 -- Multiple reflecting XSS-, SQLi and InformationDisclosure-vulnerabilities


From: cve-assign () mitre org
Date: Mon, 2 Mar 2015 14:44:00 -0500 (EST)


Reflecting XSS-vulnerabilities can be found in a common
Zeuscart-installation in the following locations

Use CVE-2015-2182.


The SQL injection-vulnerabilities can be found in the administrative
backend of Zeuscart v. 4

We did not completely understand this part of the vendor interaction:

https://github.com/ZeusCart/zeuscart/issues/28#issuecomment-72829334
https://github.com/ZeusCart/zeuscart/commit/fa919a5e4887a7d348166eac4f10b041684208ca

https://github.com/ZeusCart/zeuscart/issues/28#issuecomment-73352761

The vendor seems to be suggesting the CVE-2014-3868 patch, which had
been previously discussed in the
http://seclists.org/fulldisclosure/2014/Jun/116 post. This patch seems
related to:

  prodid
  qty
  variations
  subId

whereas your report is about:

  id
  cid

(An entirely separate issue is that the patch has a "$_POST['qty'] =
abs((int)$_GET['prodid']);" line that might result in unintended
quantity values.)

So, we think that there is not, in any sense, a "version" of ZeusCart
that fixes any attack vector that you reported. If there were an
incomplete fix, additional CVE IDs may be required.

Use CVE-2015-2183 for all of the SQL injection issues in your report.


http://{TARGET}/admin/?do=getphpinfo

Use CVE-2015-2184.

-- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]

