CVE-2005-1398

Exploit

EPSS 11.26%
Veröffentlicht 03.05.2005 04:00:00
Zuletzt bearbeitet 16.04.2026 00:27:16
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

phpcart.php in PHPCart 3.2 allows remote attackers to change product price information by modifying the (1) price or (2) postage parameters.  NOTE: it was later reported that 3.4 through 4.6.4 are also affected.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 10

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Phpcart ≫ Phpcart Version3.2

Phpcart ≫ Phpcart Version3.4

Phpcart ≫ Phpcart Version4.6.4

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	11.26%	0.932

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:P/A:N

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://lostmon.blogspot.com/2005/04/phpcart-price-manipulation.html

Exploit

http://secunia.com/advisories/15147

Vendor Advisory

http://www.osvdb.org/15859

http://www.securityfocus.com/archive/1/495806/100/0/threaded

http://www.securityfocus.com/bid/13406

Exploit

http://www.securityfocus.com/bid/30887

https://exchange.xforce.ibmcloud.com/vulnerabilities/44766

https://nvd.nist.gov/vuln/detail/CVE-2005-1398

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2005-1398

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2005-1398

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2005-1398