CVE-2014-8305

Open redirect vulnerability in the redir function in includes/function.php in C97net Cart Engine before 4.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the HTTP Referer header to (1) index.php, (2) cart.php, (3) msg.php, or (4) page.php.

CVSS v2.0 6.4 MEDIUM

6.4^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:N

Exploitability : 10.0 / Impact : 4.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://www.quantumleap.it/cart-engine-3-0-multiple-vulnerabilities-sql-injection-reflected-xss-open-redirect/	Exploit
http://seclists.org/fulldisclosure/2014/Sep/55	Exploit

Configurations

Configuration 1 (hide)

cpe:2.3:a:c97:cart_engine:*:*:*:*:*:*:*:*

Information

Published : 2014-10-16 12:55

Updated : 2014-12-16 09:25

NVD link : CVE-2014-8305

Mitre link : CVE-2014-8305

JSON object : View

CWE

NVD-CWE-Other

Products Affected

c97

cart_engine

6.4 /10