J-Security Center

Title: Carmosa PHPCart Order Modification Data Integrity Vulnerability

Severity: MODERATE

Description:

Carmosa PHPCart is a web application that provides shopping-cart functionality to a site.

Carmosa PHPCart is prone to a data-integrity vulnerability because it fails to sufficiently validate user-supplied input data. In particular, order information such as item costs, shipping costs, and taxes incurred are not stored or verified on the server. As a result, a client may modify this data when submitting their shopping cart for payment processing. Modified data will be sent to both the payment agency and to any backend used for order processing.

PHPCart 4.6 is vulnerable; other versions may also be affected.
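
The server-side check that addresses this class of flaw, shown as an added example (it is not PHPCart's code): the handler takes only SKUs and quantities from the client, recomputes item costs, shipping and tax from its own data, and logs any mismatch with the submitted amounts. The catalogue, rates, field names and function names are hypothetical, and the request is constructed sample data.

```php
<?php
declare(strict_types=1);

// Constructed sample data: server-side price list in cents (hypothetical SKUs).
const CATALOGUE = ['SKU-100' => 1999, 'SKU-200' => 4550];
const SHIPPING_CENTS = 500;  // assumed flat shipping rate
const TAX_RATE_BP = 800;     // assumed tax rate: 8.00% in basis points

// Recompute an order from server-side data only; every monetary field is derived here.
function priceOrder(array $lines): array
{
    $subtotal = 0;
    foreach ($lines as $line) {
        $sku = (string)($line['sku'] ?? '');
        $qty = filter_var($line['qty'] ?? null, FILTER_VALIDATE_INT,
            ['options' => ['min_range' => 1, 'max_range' => 999]]);
        if (!array_key_exists($sku, CATALOGUE) || $qty === false) {
            throw new InvalidArgumentException("rejected order line for SKU '$sku'");
        }
        $subtotal += CATALOGUE[$sku] * $qty;
    }
    $tax = intdiv($subtotal * TAX_RATE_BP + 5000, 10000); // round half up
    return ['subtotal' => $subtotal, 'shipping' => SHIPPING_CENTS,
            'tax' => $tax, 'total' => $subtotal + SHIPPING_CENTS + $tax];
}

// List the monetary fields where the client's figure differs from the server's.
function tamperedFields(array $submitted, array $server): array
{
    $bad = [];
    foreach ($server as $field => $value) {
        if ((int)($submitted[$field] ?? -1) !== $value) {
            $bad[] = $field;
        }
    }
    return $bad;
}

// Constructed request: amounts as a modified client form might submit them.
$post = ['lines' => [['sku' => 'SKU-100', 'qty' => 2], ['sku' => 'SKU-200', 'qty' => 1]],
         'subtotal' => 100, 'shipping' => 0, 'tax' => 0, 'total' => 100];

$order = priceOrder($post['lines']);
$bad = tamperedFields($post, $order);
if ($bad !== []) {
    error_log('order amount mismatch in: ' . implode(', ', $bad)); // detection signal
}
// Only $order, never $post, is passed to the payment processor and order backend.
printf("charge %d cents\n", $order['total']);
```

The mismatch log doubles as a detection source: a legitimate client never submits amounts that differ from the server's own calculation.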

Affected Products:

  • Carmosa PHPCart 4.6

References: