Title: SunShop Shopping Cart 'class.ajax.php' Multiple SQL Injection Vulnerabilities
Severity: MODERATE
Description:
SunShop Shopping Cart is a web-based ecommerce application implemented in PHP.
The application is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data to the '_POST[id]' variable in the 'class.ajax.php' source file before using it in an SQL query. Additional unspecified POST variables are also vulnerable within the script.
Attackers can send POST data requests that contain SQL queries to the 'id' parameter of the 'index.php' script.
A successful exploit may allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
Versions prior to SunShop Shopping Cart 4.1.5 are vulnerable.
Affected Products:
- TurnkeyWebTools SunShop Shopping Cart 1.5.0
- TurnkeyWebTools SunShop Shopping Cart 2.0.0
- TurnkeyWebTools SunShop Shopping Cart 2.1.0
- TurnkeyWebTools SunShop Shopping Cart 2.2.0
- TurnkeyWebTools SunShop Shopping Cart 2.4.0
- TurnkeyWebTools SunShop Shopping Cart 2.5.0
- TurnkeyWebTools SunShop Shopping Cart 2.6.0
- TurnkeyWebTools SunShop Shopping Cart 3.4.0 RC1
- TurnkeyWebTools SunShop Shopping Cart 3.5.0
- TurnkeyWebTools SunShop Shopping Cart 3.5.1
- TurnkeyWebTools SunShop Shopping Cart 4.0.0
- TurnkeyWebTools SunShop Shopping Cart 4.0.0 RC6
- TurnkeyWebTools SunShop Shopping Cart 4.1.0
- TurnkeyWebTools SunShop Shopping Cart 4.1.4
References:
- TurnkeyWebTools: SunShop Shopping Cart Homepage
- TurnkeyWebTools: v4.1.5 Changelog