SQL Injection Vulnerability in CS-Cart Reward Points Addon
CVE-2009-2579

Currently unrated

Key Information:

Vendor: CS-Cart

CVE Published: 5 August 2009

What is CVE-2009-2579?

The Reward Points addon in CS-Cart versions prior to 2.0.6 contains an SQL injection vulnerability. Remote authenticated users can manipulate SQL commands through the 'sort_order' parameter in the 'reward_points.userlog' action. Successful exploitation can lead to unauthorized data access and modification.
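Sort parameters are a common source of this class of flaw because a sort column or direction is SQL syntax rather than a value, so it cannot be bound as a query parameter. The sketch below is an added example, not CS-Cart's code: it assumes 'sort_order' selects the ORDER BY direction, and the table, columns and function names are hypothetical.

```python
import sqlite3

# Hypothetical names throughout: the table, columns and functions are
# constructed for this example and are not CS-Cart's schema or code.
SORT_COLUMNS = {"timestamp": "timestamp", "amount": "amount"}
SORT_ORDERS = {"asc": "ASC", "desc": "DESC"}


def build_userlog_query(sort_by, sort_order):
    """Return SQL for a user's reward-point log with a safe ORDER BY.

    ORDER BY columns and directions are SQL syntax, not values, so they
    cannot be bound as parameters. Each request value is used only as a
    key into a fixed map; the text placed in the SQL always comes from
    the map, never from the request.
    """
    column = SORT_COLUMNS.get(str(sort_by).strip().lower(), "timestamp")
    direction = SORT_ORDERS.get(str(sort_order).strip().lower(), "DESC")
    return (
        "SELECT amount, reason FROM reward_point_log "
        f"WHERE user_id = ? ORDER BY {column} {direction}"
    )


def fetch_userlog(conn, user_id, sort_by="timestamp", sort_order="desc"):
    # user_id is a value, so it is bound as a parameter.
    sql = build_userlog_query(sort_by, sort_order)
    return conn.execute(sql, (user_id,)).fetchall()


def make_sample_db():
    # Constructed sample data.
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE reward_point_log "
        "(user_id INTEGER, amount INTEGER, reason TEXT, timestamp INTEGER)"
    )
    conn.executemany(
        "INSERT INTO reward_point_log VALUES (?, ?, ?, ?)",
        [(1, 50, "order", 100), (1, -20, "redeem", 200), (2, 10, "order", 150)],
    )
    return conn


if __name__ == "__main__":
    db = make_sample_db()
    print(fetch_userlog(db, 1, "amount", "asc"))
    print(fetch_userlog(db, 1, "amount", "asc, reason"))  # falls back to DESC
```

Any value outside the map falls back to the default ordering; logging such requests gives a detection signal for probing of the sort parameters.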
