
AFCommerce Shopping Cart Multiple Input Validation Vulnerabilities

AFCommerce Shopping Cart is prone to multiple input-validation vulnerabilities. The issues include HTML- and SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input.

Successful exploits of these vulnerabilities could allow an attacker to compromise the application, access or modify data, steal cookie-based authentication credentials, control how the site is rendered to the user, or exploit vulnerabilities in the underlying database implementation. Other attacks are also possible.

Reports indicate that the 'Demo Store' version is affected by these vulnerabilities; other versions may also be affected.

Vendor reports indicate that the 'Demo Store' version may not be vulnerable to the SQL-injection issue.







 

Copyright 2009, SecurityFocus