CVE

Id
12238  
CVE No.
CVE-2005-1032  
Status
Candidate  
Description
** REJECT ** cart.php in LiteCommerce might allow remote attackers to obtain sensitive information via invalid (1) category_id or (2) product_id parameters. NOTE: this issue was originally claimed to be due to SQL injection, but the original researcher is known to be frequently inaccurate with respect to bug type and severity. The vendor has disputed this issue, saying "These reports are credited to malicious person we refused to hire. We have not taken legal action against him only because he is located in India. The vulnerabilites reported can not be reproduced, hence information you provide is contrary to fact." Further investigation by CVE personnel shows that an invalid SQL syntax error could be generated, but it only reveals portions of underlying database structure, which is already available in documentation from the vendor, and it does not appear to lead to path disclosure. Therefore, this issue is not a vulnerability or an exposure, and it probably should be REJECTED.  
Phase
Assigned (20050410)  
Votes
None (candidate not yet proposed)  
Comments
 

Actions

Related CVE References

Id CVE Id CVE No. Reference Actions
87718 12238 CVE-2005-1032 BUGTRAQ:20050406 LiteCommerce Sql injection and reveling errors vulnerability  View
87719 12238 CVE-2005-1032 URL:http://marc.info/?l=bugtraq&m=111281524405632&w=2  View
87720 12238 CVE-2005-1032 MISC:http://digitalparadox.org/advisories/lico.txt  View
87721 12238 CVE-2005-1032 MISC:http://www.litecommerce.com/news.html  View
87722 12238 CVE-2005-1032 BID:13044  View
87723 12238 CVE-2005-1032 URL:http://www.securityfocus.com/bid/13044  View
87724 12238 CVE-2005-1032 OSVDB:15314  View
87725 12238 CVE-2005-1032 URL:http://www.osvdb.org/15314  View
87726 12238 CVE-2005-1032 SECUNIA:14857  View
87727 12238 CVE-2005-1032 URL:http://secunia.com/advisories/14857  View
87728 12238 CVE-2005-1032 XF:litecommerce-cart-sql-injection(19998)  View

Related JVN