cpCommerce Multiple Input Validation Vulnerabilities

cpCommerce Multiple Input Validation Vulnerabilities

cpCommerce is prone to multiple vulnerabilities, including SQL-injection, local file-include, and cross-site scripting issues, because it fails to sufficiently sanitize user-supplied data.

Successful exploits of these vulnerabilities may allow attackers to:

- compromise the application
- access or modify data
- exploit latent vulnerabilities in the underlying database
- view files and execute local scripts in the context of the webserver process
- run arbitrary script code in the browser of an unsuspecting user

These issues affect cpCommerce 1.1.0; other versions may also be vulnerable.