CVE-2006-2827

moderate-risk
Published 2006-06-05

SQL injection vulnerability in search.php in X-Cart Gold and Pro 4.0.18, and X-Cart 4.1.0 beta 1, allows remote attackers to execute arbitrary SQL commands via the "Search for pattern" field, when the settings specify only "Search in Detailed description" and "Search also in ISBN." NOTE: the vendor disputed this issue in a comment on the original researcher's blog, saying "the bug does not impose any security threat and remote attackers can't add, modify, or delete information in the back-end database by sending specially-crafted SQL statements to the search.php script using various search parameters." As of 20060605, the original blog entry is unavailable, although ISS also reports the same dispute. CVE has not been able to investigate this issue further, although the researcher sometimes makes inaccurate claims

Do I need to act?

-
0.78% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.8/10 Critical
NETWORK / LOW complexity

Affected Products (3)

X-Cart
X-Cart
X-Cart

Affected Vendors

Qualiteam

References (6)

http://pridels0.blogspot.com/2006/04/x-cart-sql-inj-vuln.html
http://www.osvdb.org/25204
https://exchange.xforce.ibmcloud.com/vulnerabilities/25944
http://pridels0.blogspot.com/2006/04/x-cart-sql-inj-vuln.html
http://www.osvdb.org/25204
https://exchange.xforce.ibmcloud.com/vulnerabilities/25944
44
/ 100
moderate-risk
Severity 32/34 · Critical
Exploitability 3/34 · Minimal
Exposure 9/34 · Low